Request flow
Purpose
Section titled “Purpose”Explain the path from a browser or API client to application code in Frappe.
sequenceDiagram participant C as Client participant F as Frappe web layer participant W as Whitelist handler participant DB as MariaDB C->>F: HTTPS request (Desk or /api) F->>F: Session / auth resolution alt API method call F->>W: Route to leekimerp.api.module.fn W->>DB: ORM / frappe.db W-->>C: JSON response else DocType action F->>F: DocType controller / hooks F->>DB: Transaction F-->>C: Response / redirect endWhitelisted API path pattern
Section titled “Whitelisted API path pattern”Frappe exposes methods as:
POST (or as annotated) to /api/method/leekimerp.api.<file>.<function_name>
Exact routing and CSRF behavior follow Frappe version documentation.
Entry points
Section titled “Entry points”- Website / portal:
www/, website routes as configured - Desk: standard DocType views and custom scripts from
hooks.py - Integrations: Webhooks (e.g. Xero, Stripe) hit dedicated
@frappe.whitelist(allow_guest=True)handlers with signature verification where implemented
Dependencies
Section titled “Dependencies”- Frappe middleware (rate limits, authentication)
- App installed on site:
leekimerp
Operational notes
Section titled “Operational notes”- Guest-allowed endpoints require careful review (see Security checklist).