frappe-impl-integrations

Facilitates OAuth, webhooks, and payment gateway integrations in Frappe, ensuring secure data handling and seamless external service connections.

Install this skill

or

1/100

Security score

The frappe-impl-integrations skill was audited on May 28, 2026 and we found 31 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 380

Curl to non-GitHub URL

SourceSKILL.md

380	curl -X POST https://your-site.com/api/method/login \

medium line 4

Webhook reference - potential data exfiltration

SourceSKILL.md

4	Use when implementing OAuth providers, Connected Apps, Webhooks, Payment Gateways, or Data Import/Export in Frappe.

medium line 5

Webhook reference - potential data exfiltration

SourceSKILL.md

5	Prevents authentication failures from wrong OAuth flow, missed webhook deliveries, and data corruption during bulk imports.

medium line 6

Webhook reference - potential data exfiltration

SourceSKILL.md

6	Covers OAuth2 provider/client, Connected App DocType, Webhook DocType, Payment Gateway integration, Data Import, Data Export, frappe.integrations module.

medium line 7

Webhook reference - potential data exfiltration

SourceSKILL.md

7	Keywords: OAuth, Connected App, Webhook, Payment Gateway, Data Import, Data Export, integration, API key, OAuth2, webhook trigger, connect to external service, OAuth setup, webhook configuration, impo

medium line 17

Webhook reference - potential data exfiltration

SourceSKILL.md

17	Step-by-step workflows for OAuth, Webhooks, Payment Gateways, Data Import/Export, and external API calls.

low line 29

Webhook reference - potential data exfiltration

SourceSKILL.md

29	│ ├─► On document events → Webhook (push to external)

low line 47

Webhook reference - potential data exfiltration

SourceSKILL.md

47	├─► Real-time → Webhook or API endpoint

medium line 156

Webhook reference - potential data exfiltration

SourceSKILL.md

156	## Workflow 3: Webhooks: Push Notifications to External Services

medium line 158

Webhook reference - potential data exfiltration

SourceSKILL.md

158	### Step 1: Create Webhook DocType

medium line 160

Webhook reference - potential data exfiltration

SourceSKILL.md

160	Navigate to Integrations > Webhook:

medium line 193

Webhook reference - potential data exfiltration

SourceSKILL.md

193	### Step 4: Enable Webhook Secret (HMAC Verification)

medium line 195

Webhook reference - potential data exfiltration

SourceSKILL.md

195	Set a Webhook Secret — Frappe adds `X-Frappe-Webhook-Signature` header with base64-encoded HMAC-SHA256 hash of the payload.

low line 202

Webhook reference - potential data exfiltration

SourceSKILL.md

202	def verify_webhook(payload_body, secret, signature_header):

medium line 211

Webhook reference - potential data exfiltration

SourceSKILL.md

211	- ALWAYS enable Webhook Secret for production webhooks

medium line 212

Webhook reference - potential data exfiltration

SourceSKILL.md

212	- NEVER rely on webhooks for guaranteed delivery — implement idempotency on the receiver

medium line 214

Webhook reference - potential data exfiltration

SourceSKILL.md

214	- Webhook logs are created for every delivery — check Webhook Request Log for debugging

medium line 393

Webhook reference - potential data exfiltration

SourceSKILL.md

393	\| Webhook \| Push on event \| Webhook DocType configuration \|

medium line 429

Webhook reference - potential data exfiltration

SourceSKILL.md

429	\| Webhook DocType \| Yes \| Yes \| Yes \|

medium line 435

Webhook reference - potential data exfiltration

SourceSKILL.md

435	\| Webhook HMAC \| Yes \| Yes \| Yes \|

low line 92

External URL reference

SourceSKILL.md

92	auth_url = https://your-frappe.com/api/method/frappe.integrations.oauth2.authorize

low line 93

External URL reference

SourceSKILL.md

93	token_url = https://your-frappe.com/api/method/frappe.integrations.oauth2.get_token

low line 94

External URL reference

SourceSKILL.md

94	api_url = https://your-frappe.com/api/method/frappe.integrations.oauth2.openid_profile

low line 121

External URL reference

SourceSKILL.md

121	\| Scopes \| Permissions needed (e.g., `https://mail.google.com/`) \|

low line 145

External URL reference

SourceSKILL.md

145	response = session.get("https://www.googleapis.com/gmail/v1/users/me/messages")

low line 227

External URL reference

SourceSKILL.md

227	"https://api.example.com/data",

low line 233

External URL reference

SourceSKILL.md

233	"https://api.example.com/submit",

low line 248

External URL reference

SourceSKILL.md

248	"https://api.example.com/endpoint",

low line 366

External URL reference

SourceSKILL.md

366	https://your-site.com/api/resource/Sales%20Invoice

low line 373

External URL reference

SourceSKILL.md

373	https://your-site.com/api/resource/Sales%20Invoice

low line 380

External URL reference

SourceSKILL.md

380	curl -X POST https://your-site.com/api/method/login \

Scanned on May 28, 2026

View Security Dashboard

Installation guide →

GitHub Stars 125

Rate this skill

Categorydevelopment

UpdatedJune 15, 2026

claude-code api backend backend-developer data-engineer product-manager technical-pm growth-pm development product

Impertio-Studio/Frappe_Claude_Skill_Package