Forum Discussion

luke_dc's avatar
luke_dc
Member
5 months ago

MYOB API Keys with OAUTH 2.0

Hi, I am developing a desktop app for Windows which connects via OAUTH to MYOB Cloud instances.    It authenticates the user via the OAUTH MYOB login page and keeps the access token in memory while...
The_Doc's avatar
The_Doc
Ultimate Cover User
5 months ago

Hi luke_dc​ 

I would be very careful about using any advise from ChatGPT - it is banned in our business. However,  OAUTH PKCE = Proof key for code exchange isn't available in MYOB API but is available in XERO API and is a means to get around this problem.

 

However, to solve your problem - yes, handing out your secret in plain text or a token that has a long life is handing keys to the kingdom in your app.

 

The bottom line is you need to encrypt these, somehow and there are a lot of articles on how to do this - but do not embed your secret into your source code - that is bad ju ju development - you need to encrypt and store it in a secret location on the user's computer - in registry or in a hidden location - so that if your app is stolen the key doesn't go with it.

 

And yes, there are ways of doing this without compromising your secret key and tokens - but the bottom line is do not store in plain text. 

 

And finally- obfuscate your source code - there are utilities to do this on the internet.

 

The Doc.

 

 

Looking for something else?

Search the Community Forum for answers or find your topic and get the conversation started!

Community home

Level up your skills using MYOB software.

 

Find help guides and technical solutions for all MYOB products here

Explore video tutorials for our software at the MYOB Academy here

 

Dig into MYOB Academy for free courses, learning paths and live events to help build your business with MYOB.