This handles both REST and RPC patterns in Frappe, covering the built-in DocType CRUD endpoints and custom whitelisted methods. You'll reach for it when building external integrations, creating webhook receivers, or exposing business logic to frontends. The procedure walks through authentication options (API keys, bearer tokens), permission checking with frappe.has_permission(), and input validation patterns. Notable inclusion: guidance on when to use background jobs for long operations and return status endpoints instead of blocking. The guardrails section is solid on SQL injection and permission bypasses, which are real risks if you're not careful with frappe.whitelist decorators.
npx skills add https://github.com/lubusin/agent-skills --skill frappe-api-development