Forum Discussion

CPSVu's avatar
CPSVu
User
6 years ago
Solved

Invalid request getting access token

I have been trying to get the MYOB access code using my API keys for two days to no avail...

 

I got the access code from `https://secure.myob.com/oauth2/account/authorize`, passing my client_id (API key), redirect URI (URL encoded), scope. At first I got  the "DeveloperInactive" error but by adding `x-myobapi-key` in the headers (the same API key as in client_id) that has gone away.

 

Now I have a different problem. Using the `code` from previous, I created this get_access_token script (in python)

```

data = {
'client_id': 'q[redacted]y',
'client_secret': 'Z[redacted]z',
'scope': 'CompanyFile',
'code': 'Wkb[redacted]', # what I got from the previous step
'redirect_uri': '[redacted]',
'grant_type': 'authorization_code'
}

headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}

resp = requests.post(url, data=data, headers=headers)
print(resp.content)
```
 
this simply returns `'{"error":"invalid_request"}'`
 
I am new to this process and I'm not sure how the request can be invalid. I have tried many combinations of the redirect_uri and the code being url_encoded or not. I simply want to access the company files. Hope someone can enlighten me. Thanks.
  • CPSVu's avatar
    CPSVu
    6 years ago

    I figured it out. I'll leave the solution here for users who may run into the same issue.

     

    I used a very dodgy method of retrieving the code without a web socket, which was using a Chrome extension to modify headers of my access code request in order to log in (which requires browser). Then I got the code directly from Chrome's URL bar. This means the code is URL encoded, hence my invalid request. I decoded the URL and send the request again (with a similarly unencoded Redirect URI) and got the access token.

     

    I had to do the "Chrome-based modified-header request" thing because I was only trying to log in as a developer, not using any web interface for users with a public facing URL that could be redirected to. Could not find any existing solution for it. It would help if MYOB support could chime in with a better solution to retrieving the code. 

2 Replies

Sort By
Replies have been turned off for this discussion
  • CPSVu's avatar
    CPSVu
    User
    6 years ago

    I figured it out. I'll leave the solution here for users who may run into the same issue.

     

    I used a very dodgy method of retrieving the code without a web socket, which was using a Chrome extension to modify headers of my access code request in order to log in (which requires browser). Then I got the code directly from Chrome's URL bar. This means the code is URL encoded, hence my invalid request. I decoded the URL and send the request again (with a similarly unencoded Redirect URI) and got the access token.

     

    I had to do the "Chrome-based modified-header request" thing because I was only trying to log in as a developer, not using any web interface for users with a public facing URL that could be redirected to. Could not find any existing solution for it. It would help if MYOB support could chime in with a better solution to retrieving the code.