The Frappe Assistant Core uses a plugin-based architecture where tools are organized into discoverable plugins. This reference covers both the MCP protocol endpoints and the plugin-specific tool APIs.
All MCP requests require OAuth 2.0 Bearer token authentication.
Authorization: Bearer <access_token>- Discover OAuth endpoints via
/.well-known/openid-configuration - Optionally register client via dynamic registration endpoint
- Perform OAuth authorization code flow with PKCE
- Exchange authorization code for access token
- Use access token in Authorization header for all MCP requests
See MCP StreamableHTTP Guide for complete OAuth flow documentation.
401 Unauthorized - Missing or invalid token:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer realm="Frappe Assistant Core",
error="invalid_token",
error_description="Token has expired",
resource_metadata="https://your-site.com/.well-known/oauth-protected-resource"
Content-Type: application/json{
"error": "invalid_token",
"message": "Token has expired"
}POST /api/method/frappe_assistant_core.api.fac_endpoint.handle_mcp
Protocol: MCP 2025-03-26 (JSON-RPC 2.0) Transport: StreamableHTTP Authentication: Required (OAuth 2.0 Bearer token)
All MCP operations use this single endpoint with different JSON-RPC methods.
Initializes MCP connection and returns server capabilities.
Request:
POST /api/method/frappe_assistant_core.api.fac_endpoint.handle_mcp HTTP/1.1
Host: your-frappe-site.com
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGc...
Content-Type: application/json{
"jsonrpc": "2.0",
"method": "initialize",
"params": {
"protocolVersion": "2025-03-26",
"capabilities": {}
},
"id": 1
}Response:
{
"jsonrpc": "2.0",
"result": {
"protocolVersion": "2025-03-26",
"capabilities": {
"tools": {}
},
"serverInfo": {
"name": "frappe-assistant-core",
"version": "2.0.0"
}
},
"id": 1
}Returns list of available tools for current user (filtered by permissions).
Request:
POST /api/method/frappe_assistant_core.api.fac_endpoint.handle_mcp HTTP/1.1
Host: your-frappe-site.com
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGc...
Content-Type: application/json{
"jsonrpc": "2.0",
"method": "tools/list",
"params": {},
"id": 2
}Response:
{
"jsonrpc": "2.0",
"result": {
"tools": [
{
"name": "create_document",
"description": "Create a new Frappe document",
"inputSchema": {
"type": "object",
"properties": {
"doctype": { "type": "string" },
"data": { "type": "object" }
},
"required": ["doctype", "data"]
}
}
]
},
"id": 2
}Executes a specific tool with provided arguments.
Request:
POST /api/method/frappe_assistant_core.api.fac_endpoint.handle_mcp HTTP/1.1
Host: your-frappe-site.com
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGc...
Content-Type: application/json{
"jsonrpc": "2.0",
"method": "tools/call",
"params": {
"name": "create_document",
"arguments": {
"doctype": "Customer",
"data": {
"customer_name": "Test Customer"
}
}
},
"id": 3
}Response:
{
"jsonrpc": "2.0",
"result": {
"content": [
{
"type": "text",
"text": "Customer created successfully with ID: CUST-00001"
}
],
"isError": false
},
"id": 3
}GET /.well-known/openid-configuration
Returns OpenID Connect discovery document with OAuth 2.0 and MCP-specific metadata.
Response:
{
"issuer": "https://your-site.com",
"authorization_endpoint": "https://your-site.com/api/method/frappe.integrations.oauth2.authorize",
"token_endpoint": "https://your-site.com/api/method/frappe.integrations.oauth2.get_token",
"userinfo_endpoint": "https://your-site.com/api/method/frappe.integrations.oauth2.openid_profile",
"jwks_uri": "https://your-site.com/api/method/frappe_assistant_core.api.oauth_discovery.jwks",
"registration_endpoint": "https://your-site.com/api/method/frappe_assistant_core.api.oauth_registration.register_client",
"revocation_endpoint": "https://your-site.com/api/method/frappe.integrations.oauth2.revoke_token",
"introspection_endpoint": "https://your-site.com/api/method/frappe.integrations.oauth2.introspect_token",
"response_types_supported": ["code"],
"grant_types_supported": ["authorization_code", "refresh_token"],
"code_challenge_methods_supported": ["S256"],
"token_endpoint_auth_methods_supported": ["none", "client_secret_basic", "client_secret_post"]
}GET /.well-known/oauth-authorization-server
Returns RFC 8414 compliant authorization server metadata.
Response:
{
"issuer": "https://your-site.com",
"authorization_endpoint": "https://your-site.com/api/method/frappe.integrations.oauth2.authorize",
"token_endpoint": "https://your-site.com/api/method/frappe.integrations.oauth2.get_token",
"registration_endpoint": "https://your-site.com/api/method/frappe_assistant_core.api.oauth_registration.register_client",
"response_types_supported": ["code"],
"grant_types_supported": ["authorization_code", "refresh_token"],
"code_challenge_methods_supported": ["S256"]
}GET /.well-known/oauth-protected-resource
Returns RFC 9728 compliant protected resource metadata.
Response:
{
"resource": "https://your-site.com",
"authorization_servers": ["https://your-site.com"],
"scopes_supported": ["all", "openid"]
}POST /api/method/frappe_assistant_core.api.oauth_registration.register_client
Implements OAuth 2.0 Dynamic Client Registration (RFC 7591). Creates a new OAuth client automatically.
Request:
{
"client_name": "MCP Inspector",
"redirect_uris": ["http://localhost:6274/callback"],
"token_endpoint_auth_method": "none",
"grant_types": ["authorization_code", "refresh_token"],
"response_types": ["code"],
"scope": "all openid"
}Response:
{
"client_id": "a1b2c3d4e5",
"client_name": "MCP Inspector",
"redirect_uris": ["http://localhost:6274/callback"],
"token_endpoint_auth_method": "none",
"grant_types": ["authorization_code", "refresh_token"],
"response_types": ["code"],
"client_id_issued_at": 1704067200
}These endpoints are provided by Frappe core. See OAuth Setup Guide for usage.
GET /api/method/frappe.integrations.oauth2.authorize
OAuth authorization endpoint. Redirects to login if not authenticated.
POST /api/method/frappe.integrations.oauth2.get_token
Exchange authorization code for access token.
POST /api/method/frappe.integrations.oauth2.revoke_token
Revoke an access or refresh token.
POST /api/method/frappe.integrations.oauth2.introspect_token
Get information about a token.
GET /api/method/frappe.integrations.oauth2.openid_profile
Get user profile information (OpenID Connect).
GET /api/method/frappe_assistant_core.api.plugin_api.get_discovered_plugins
Returns all discovered plugins with their status.
Response:
{
"success": true,
"plugins": [
{
"name": "data_science",
"display_name": "Data Science & Analytics",
"version": "1.0.0",
"can_enable": true,
"loaded": false
}
]
}POST /api/method/frappe_assistant_core.api.plugin_api.refresh_plugins
Refreshes plugin discovery.
Response:
{
"success": true,
"message": "Plugin discovery completed",
"plugin_count": 3
}GET /api/method/frappe_assistant_core.api.plugin_api.get_available_tools
Returns all available tools with statistics.
Response:
{
"success": true,
"tools": [...],
"stats": {
"total_tools": 20,
"core_tools": 15,
"plugin_tools": 5
}
}Creates a new Frappe document.
Parameters:
doctype(string, required): DocType namedata(object, required): Document field datasubmit(boolean, optional): Whether to submit after creation
Example:
{
"doctype": "Customer",
"data": {
"customer_name": "ABC Corp",
"customer_type": "Company"
},
"submit": false
}Retrieves a specific document.
Parameters:
doctype(string, required): DocType namename(string, required): Document IDfields(array, optional): Specific fields to retrieve
Updates an existing document.
Parameters:
doctype(string, required): DocType namename(string, required): Document IDdata(object, required): Fields to update
Lists documents with filters.
Parameters:
doctype(string, required): DocType namefilters(object, optional): Filter conditionsfields(array, optional): Fields to retrievelimit(integer, optional): Maximum records (default: 20)
Deletes a document.
Parameters:
doctype(string, required): DocType namename(string, required): Document IDforce(boolean, optional): Force delete
Searches across all accessible DocTypes.
Parameters:
query(string, required): Search querylimit(integer, optional): Results per DocTypedoctypes(array, optional): Specific DocTypes to search_documents
Searches within a specific DocType.
Parameters:
doctype(string, required): DocType to search_documentsquery(string, required): Search queryfields(array, optional): Fields to search_documents inlimit(integer, optional): Maximum results
Searches for link field options.
Parameters:
doctype(string, required): Target DocTypequery(string, optional): Filter queryfilters(object, optional): Additional filterslimit(integer, optional): Maximum options
Gets DocType metadata and structure.
Parameters:
doctype(string, required): DocType nameinclude_fields(boolean, optional): Include field definitionsinclude_permissions(boolean, optional): Include permissionsinclude_links(boolean, optional): Include linked DocTypes
Lists all available DocTypes.
Parameters:
module(string, optional): Filter by moduleis_submittable(boolean, optional): Filter by submittableinclude_custom(boolean, optional): Include custom DocTypes
Gets detailed field information.
Parameters:
doctype(string, required): DocType namefieldtype(string, optional): Filter by field typerequired_only(boolean, optional): Show only required fields
Executes a Frappe report.
Parameters:
report_name(string, required): Report namefilters(object, optional): Report filtersformat(string, optional): Output formatlimit(integer, optional): Maximum rows
Lists available reports.
Parameters:
module(string, optional): Filter by modulereport_type(string, optional): Filter by typereference_doctype(string, optional): Filter by DocType
Gets detailed report information.
Parameters:
report_name(string, required): Report nameinclude_query(boolean, optional): Include SQL query
Performs workflow action on document.
Parameters:
doctype(string, required): Document typedocname(string, required): Document IDaction(string, required): Workflow actioncomment(string, optional): Action comment
Checks workflow status of document.
Parameters:
doctype(string, required): Document typedocname(string, required): Document ID
Lists documents in workflow queues.
Parameters:
doctype(string, optional): Filter by DocTypeworkflow_state(string, optional): Filter by stateassigned_to_me(boolean, optional): Only assigned itemslimit(integer, optional): Maximum results
Executes Python code safely.
Parameters:
code(string, required): Python codetimeout(integer, optional): Execution timeoutcapture_output(boolean, optional): Capture print outputreturn_variables(array, optional): Variables to return
Performs statistical analysis on DocType data.
Parameters:
doctype(string, required): DocType to analyzeanalysis_type(string, required): Type of analysisfields(array, optional): Fields to analyzefilters(object, optional): Data filterslimit(integer, optional): Maximum records
Executes SQL queries and analyzes results.
Parameters:
query(string, required): SQL query (SELECT only)analysis_type(string, optional): Analysis typeparameters(object, optional): Query parameterslimit(integer, optional): Row limit
Extracts content from various file formats for LLM processing.
Parameters:
file_url(string, optional): File URL from Frappe (e.g., '/files/invoice.pdf')file_name(string, optional): File name from File DocTypeoperation(string, required): Operation typeextract: General text/data extractionocr: OCR for images and scanned documentsparse_data: Structured data from CSV/Excelextract_tables: Table extraction from PDFs
language(string, optional): OCR language code (default: 'eng')output_format(string, optional): Output format ('json', 'text', 'markdown')max_pages(integer, optional): Max pages for PDFs (default: 50)
Example:
{
"file_url": "/files/contract.pdf",
"operation": "extract",
"output_format": "text"
}Response:
{
"success": true,
"content": "Extracted text content...",
"file_info": {
"name": "contract.pdf",
"type": "pdf",
"size": 245678
},
"pages": 10
}Creates Frappe dashboards with multiple charts.
Parameters:
dashboard_name(string, required): Name of the dashboarddoctype(string, required): Primary DocType for data sourcechart_configs(array, required): Array of chart configurationsfilters(object, optional): Global filters for all charts
Creates individual Dashboard Chart documents.
Parameters:
chart_name(string, required): Name of the chartchart_type(string, required): Chart type (bar, line, pie, donut, percentage, heatmap)doctype(string, required): DocType for data sourceaggregate_field(string, required): Field to aggregateaggregate_function(string, required): Aggregation function (Sum, Count, Average)time_series(object, optional): Time series configurationfilters(object, optional): Chart-specific filters
Lists user's accessible dashboards.
Parameters:
dashboard_type(string, optional): Filter by dashboard typeinclude_shared(boolean, optional): Include shared dashboards
{
"jsonrpc": "2.0",
"error": {
"code": -32603,
"message": "Internal error",
"data": {
"error_type": "ValidationError",
"details": "Missing required field: doctype"
}
},
"id": 1
}-32700: Parse error (Invalid JSON)-32600: Invalid request-32601: Method not found-32602: Invalid params-32603: Internal error
PermissionError: Insufficient permissionsValidationError: Invalid input dataDoesNotExistError: Resource not foundDuplicateEntryError: Duplicate data
Authorization: token api_key:api_secretStandard Frappe session cookies for web requests.
- Default: 60 requests per minute per user
- Configurable in Assistant Core Settings
- Exceeded requests return HTTP 429
{
"success": true,
"data": {...},
"meta": {
"count": 10,
"total": 100
}
}{
"success": false,
"error": "Error message",
"error_type": "ValidationError"
}For list endpoints:
{
"limit": 20,
"offset": 0,
"order_by": "creation desc"
}Standard Frappe filters format:
{
"filters": {
"disabled": 0,
"creation": [">=", "2024-01-01"]
}
}Specify fields to retrieve:
{
"fields": ["name", "customer_name", "creation"]
}