Forum Discussion

MikeG1's avatar
MikeG1
MYOB Moderator
12 days ago

Developer Communication - Issues Authenticating 3rd Party access to MYOB customer’s ledgers.

Hi everyone,

Many are aware of this already, but I have a thorough update that includes some good news for those with IE 10 & 11. I also want to make this as a standalone post to make it easy for people to find. 

A recent service upgrade has caused some third-party integrations to be unable to connect to customers' ledgers during Authentication. This was an unexpected event as we were unaware of the degree to which our older Integrations still utilised older Web control methods for this process.

 

Integrations that use Internet Explorer (IE) web browser authentication controls, will encounter an error attempting to prompt the redirection authentication window during this process.

 

We recommend keeping all integrations utilising the latest version of the browser chosen for this Authentication step. 
Some Developers may need to upgrade their .Net Web browser controls in order to switch the default configuration to a supported browser like Microsoft Edge. 


If you are currently using:

 

IE10 or IE11

We appreciate this latest MYOB upgrade disrupted those using these browsers, so we are extending the support of integrations using IE10 and IE11 but recommend migrating off Internet explorer as soon as possible.

 

IE9 or prior

If you use IE9 or below, please update your integration immediately to enable connection to our customers’ ledgers.


Further correspondence can be found in our community forum MYOB Business API board and we will endeavour to communicate any changes to the API community in future.

 

We apologise for the inconvenience this has caused. If you need further support, please get in touch with the API support team here.

 

Kind regards, Mike

5 Replies

Sort By
  • eJulia's avatar
    eJulia
    Trusted Partner
    4 days ago

    Do you not have a change management process?

     

    I an somewhat horrified that you have not:

    1. Realised that most developers do not update their systems just to keep them fashionably up to date, too busy reacting to basic business functionality requirements
    2. Announced this change well ahead so we could prepare for it
    3. Supplied sample code, also well ahead, to assist in that preparation
    4. Backed this change out, with suitable apologies, when the scale of the problem emerged

     

    You give the impression that you think it is just a matter of someone (end users?) upgrading their browser but in fact it is a matter of rebuilding a Windows application to use a completely different set of browser classes, with different, non-equivalent properties and methods. It all has to happen within the software and the classes it uses. Replacing IE with Edge on the outside does nothing to solve the problem.

     

    Most people selling Windows software, like us and many of your add-in developers, would need to go through a process of:

    1. Modifying code and testing it

    2. Regression testing to ensure that the changes did not break something else

    3. Updating the deployment package to ensure all the necessary addins get in

    4. Testing the build install package

    5. Updating to a web site

    6. Notifying end users that they really do need to upgrade

     

    This does not happen over a weekend. Also finding out that it needs to be addressed because one of our users raised the issue with us, probably about a week after you did it does not help.

     

    We cannot take on new users so no new customers, no license sales until this is fixed.

    • Mike_James's avatar
      Mike_James
      Ultimate Partner
      4 days ago

      Well said eJulia . Another point to make is that not all developers use dotnet (strange but true...), so in our case we cannot benefit from the amazingly generous contributions of other dotnet devs. 

      I have a theory (based on the new access code starting "ory_") that MYOB has taken on an "IAM" program from www.ory.sh, to handle the authorisation part of the API. Possibly it was expected (or the advice was) that the change would be transparent to all add-on programs. I await confirmation.

       

  • MikeG1's avatar
    MikeG1
    MYOB Moderator
    5 days ago

    For anyone still needing support with updating.
    One of the developers in our community has shared some code and instructions that helped them to update and others have also been successful following this advice.
    Check it out here
    Thanks to Steve_PP for sharing with the community 

  • eJulia's avatar
    eJulia
    Trusted Partner
    2 days ago

    Yes, I have benefitted from the advice given by Steve_PP but it is too much to expect him to keep on helping with on-going issues. He may have solved this problem and has helped a few of us to do so too but some of us do have on-going issues.

     

    I have just had to promise a user that their latest renewal will be extended to reflect the period that they cannot use our system. They will not be the only ones. That on top of not getting new sales until we have this solved.

     

    if MYOB were advised that the change would be transparent to all add-ons they perhaps did not understand what a variety of add-ons there are out there. Also such statements from people/organisations selling something need to be taken with a full handful of salt. Some testing would have been in order and roll-back immediate once the problem emerged. 

     

    What they should have done is leave the existing structure/process in place, implement the new one via a different URL and notify all of us developers as to what they were doing and that they would be closing down the original after we all had sufficient time to adapt, say sometime next year. that would provide time for everyone both within MYOB and us developers to test in development, not on live systems.

     

    I still think this demonstates a shocking lack of proper change management process.

  • eJulia's avatar
    eJulia
    Trusted Partner
    2 days ago

    I had it working for 3 of my 4 applications briefly and have been testing, as responsible developers do before deploying new versions. Today I find it is not working again so took a look at what came back from the request and found that far from it being a response providing the necessary oauth token and possibly a few other pertinent data items I had got back a page or so of a html ranting on about how wonderful MYOB was for small developers. If someone thinks that sort of thing is appropriate to shove in the faces of the clients of add-on developers whenever they install the add-on software on a new PC or for a new employee they should think again.

     

    It looks as though someone is of the impression that this authorization only gets applied when a fresh new developer starts up a new ad-hoc app for in-house use. I suspect that the perpetrators are probably unaware of how this is used and driven by some marketing/fashion motivation, quite unaware of any change management process.

     

    Myob is losing ground to Xero partly because Xero has a better range of add-ons. Breaking the existing add-ons is a long way from how to fix that.

     

    Could you please escalate this. It cannot just be fixed by linking to other developers discussions as to how to get round the problem. It is simply not acceptable to have add-ons being broken by ad-hoc changes without notice. The change management process should involve planning and notification well in advance, similar to the way it was managed for the upgrade to use TLS1.2 back in 2017, when we were given ample notice to enable us to prepare new releases.