CCM
/Skills
SkillsMCPMarketplacesDigestToolsAdvertise

This week in Claude

Every Monday: Claude Code, Agent SDK, MCP, and the Anthropic platform moves worth your time.

Skills by Category
Frontend DevelopmentBackend & APIsTesting & QASecurityDevOps & CI/CDGit & Pull RequestsDocumentationCode Review & QualityAI & Agent BuildingSkill Development
MCP Servers by Category
Sales & MarketingWeb & Browser AutomationDatabasesAI & LLM ToolsCloud & InfrastructureCommunication & MessagingDeveloper ToolsDesign & CreativeDocuments & KnowledgeSearch & Web Crawling
Marketplaces by Category
AI Agents & OrchestrationLLM IntegrationDevelopment ToolsFrontend & UIBackend & APIsDatabasesTesting & Code QualityDevOps & CloudSecurity & ComplianceGit & Version Control

Claude Code Marketplaces

Discover Claude Code plugins, extensions, and tools. Automatically updated directory of Anthropic Claude AI marketplaces with development tools, productivity plugins, and integrations.

Resources

  • Browse Skills
  • Browse MCP Servers
  • Browse Marketplaces
  • Plugins Reference

Community

  • About
  • Tools
  • Feedback
  • Privacy Policy
  • Advertise

Built for the Claude Code community with Claude Code by @mertduzgun

Independent project, not affiliated with Anthropic

Frappe Api Development

lubusin/agent-skills
126 installs21 stars
Summary

This handles both REST and RPC patterns in Frappe, covering the built-in DocType CRUD endpoints and custom whitelisted methods. You'll reach for it when building external integrations, creating webhook receivers, or exposing business logic to frontends. The procedure walks through authentication options (API keys, bearer tokens), permission checking with frappe.has_permission(), and input validation patterns. Notable inclusion: guidance on when to use background jobs for long operations and return status endpoints instead of blocking. The guardrails section is solid on SQL injection and permission bypasses, which are real risks if you're not careful with frappe.whitelist decorators.

Install to Claude Code

npx -y skills add lubusin/agent-skills --skill frappe-api-development --agent claude-code

Installs into .claude/skills of the current project.

CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
Files
SKILL.mdView on GitHub

Frappe API Development

Build secure, well-designed APIs using Frappe's REST and RPC patterns.

When to use

  • Creating custom RPC endpoints (@frappe.whitelist)
  • Building REST API integrations
  • Implementing webhooks for external systems
  • Setting up API authentication (token, OAuth)
  • Exposing business logic to frontends

Inputs required

  • API purpose (CRUD, action, integration)
  • Authentication requirements (public, user, API key)
  • Permission requirements per endpoint
  • Request/response format expectations

Procedure

0) Choose API pattern

NeedPattern
DocType CRUDUse built-in REST API
Custom actionRPC with @frappe.whitelist
External callbackWebhook DocType
Batch operationsBackground job + status endpoint

1) Built-in REST API (DocType CRUD)

Frappe provides automatic REST endpoints for all DocTypes:

# Create
POST /api/resource/Customer
{"customer_name": "Acme Corp"}

# Read
GET /api/resource/Customer/CUST-001

# Update
PUT /api/resource/Customer/CUST-001
{"customer_name": "Acme Corporation"}

# Delete
DELETE /api/resource/Customer/CUST-001

# List with filters
GET /api/resource/Customer?filters=[["status","=","Active"]]

2) Custom RPC endpoints

Create whitelisted methods in your app:

# my_app/api.py
import frappe

@frappe.whitelist()
def process_order(order_id, action):
    """Process an order with the given action."""
    # Always verify permissions
    doc = frappe.get_doc("Sales Order", order_id)
    if not frappe.has_permission("Sales Order", "write", doc):
        frappe.throw("Not permitted", frappe.PermissionError)
    
    # Business logic
    if action == "approve":
        doc.status = "Approved"
        doc.save()
    
    return {"status": "success", "order": doc.name}

@frappe.whitelist(allow_guest=True)
def public_endpoint():
    """Public endpoint - no auth required."""
    return {"message": "Hello, World!"}

Call via:

POST /api/method/my_app.api.process_order
{"order_id": "SO-001", "action": "approve"}

3) Implement authentication

API Key + Secret (recommended for integrations):

# Header format
Authorization: token api_key:api_secret

Bearer Token:

Authorization: Bearer <token>

Session (for logged-in users): Automatic via cookies.

4) Permission checks

ALWAYS check permissions in RPC methods:

@frappe.whitelist()
def sensitive_action(docname):
    doc = frappe.get_doc("My DocType", docname)
    
    # Check document-level permission
    if not frappe.has_permission("My DocType", "write", doc):
        frappe.throw("Not permitted", frappe.PermissionError)
    
    # Check role-based permission
    if "Manager" not in frappe.get_roles():
        frappe.throw("Manager role required")
    
    # Proceed with action
    ...

5) Input validation

@frappe.whitelist()
def create_item(name, qty, price):
    # Validate required fields
    if not name:
        frappe.throw("Name is required")
    
    # Validate types
    qty = frappe.utils.cint(qty)
    price = frappe.utils.flt(price)
    
    # Validate ranges
    if qty <= 0:
        frappe.throw("Quantity must be positive")
    
    # Proceed
    ...

6) Response format

Success response:

return {
    "status": "success",
    "data": {...}
}

Error handling:

# User-facing error
frappe.throw("Validation failed", title="Error")

# Permission error
frappe.throw("Not allowed", frappe.PermissionError)

# Standard exceptions become {"exc_type": "...", "exc": "..."}

7) Background jobs for long operations

@frappe.whitelist()
def start_export(filters):
    job = frappe.enqueue(
        "my_app.jobs.run_export",
        filters=filters,
        queue="long",
        timeout=600
    )
    return {"job_id": job.id}

@frappe.whitelist()
def check_job_status(job_id):
    from frappe.utils.background_jobs import get_job
    job = get_job(job_id)
    return {"status": job.get_status()}

Verification

  • Endpoint responds correctly to valid requests
  • Permission errors returned for unauthorized access
  • Input validation rejects invalid data
  • Error responses are structured and helpful
  • Run: bench --site <site> console → test endpoint manually

Failure modes / debugging

  • Method not found: Check module path in URL matches Python path
  • Permission denied: Verify @frappe.whitelist() decorator and user permissions
  • CSRF error: Use proper auth headers for API calls
  • 500 error: Check error logs: bench --site <site> show-log

Escalation

  • For OAuth integration, see references/oauth.md
  • For webhook patterns, see references/webhooks.md
  • For rate limiting, see references/rate-limiting.md

References

  • references/rest-api.md - REST API details
  • references/authentication.md - Auth patterns
  • references/permissions.md - Permission system
  • references/webhooks.md - Outbound webhooks

Guardrails

  • Always validate input: Never trust client data; validate type, length, and format server-side
  • Use permission callbacks: Check frappe.has_permission() explicitly in whitelisted methods
  • Sanitize user input: Use frappe.db.escape() for SQL, avoid eval() and dynamic code execution
  • Handle rate limiting: Implement rate limits for public APIs to prevent abuse
  • Return structured errors: Use frappe.throw() with proper HTTP status codes

Common Mistakes

MistakeWhy It FailsFix
Missing @frappe.whitelist()Method returns "Method not found" errorAdd decorator to expose method via API
Using GET for mutationsViolates REST conventions, CSRF issuesUse POST/PUT/DELETE for data changes
Not handling errors500 errors expose stack tracesWrap in try/except, use frappe.throw()
Exposing sensitive dataSecurity breachFilter response fields, check permissions
Missing allow_guest=TruePublic endpoints return 403Add @frappe.whitelist(allow_guest=True) for unauthenticated access
SQL injection in queriesDatabase compromiseUse Query Builder or frappe.db.escape()
Featured
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
Categories
Backend & APIsAI & Agent Building
First SeenJun 3, 2026
View on GitHub

Recommended

More Backend & APIs →
connecting-lambda-to-api-gateway

aws/agent-toolkit-for-aws

connecting lambda to api gateway
1.8k
1.8k
prisma-database-setup

prisma/skills

Step-by-step configuration guides for Prisma ORM across PostgreSQL, MySQL, SQLite, MongoDB, SQL Server, CockroachDB, and Prisma Postgres.
15.5k
44
firebase-auth-basics

firebase/agent-skills

Set up Firebase Authentication with multiple identity providers and secure data access rules.
105.1k
375
api-gateway-configurator

Dexploarer/hyper-forge

Configure and manage API gateways including Kong, Tyk, AWS API Gateway, and Apigee. Activates when users need help setting up API gateways, rate limiting, authentication, request transformation, or API management.
5
api-gateway

itsmostafa/aws-agent-skills

AWS API Gateway for REST and HTTP API management. Use when creating APIs, configuring integrations, setting up authorization, managing stages, implementing rate limiting, or troubleshooting API issues.
1.1k
clerk-backend-api

clerk/skills

clerk backend api
20.9k
56