Hi luke_dc
I would be very careful about using any advice from ChatGPT - it is banned in our business. However, OAuth PKCE (Proof Key for Code Exchange) isn't available in the MYOB API but is available in the Xero API, and is a means to get around this problem.
However, to solve your problem - yes, handing out your secret in plain text or a token that has a long life is handing keys to the kingdom in your app.
The bottom line is you need to encrypt these somehow, and there are a lot of articles on how to do this - but do not embed your secret into your source code - that is bad ju ju development - you need to encrypt and store it in a secret location on the user's computer - in the registry or in a hidden location - so that if your app is stolen the key doesn't go with it.
And yes, there are ways of doing this without compromising your secret key and tokens - but the bottom line is do not store in plain text.
And finally - obfuscate your source code - there are utilities to do this on the internet.
The Doc.
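
For readers unfamiliar with the PKCE flow mentioned in the reply above, this added example (not part of the original post, and not MYOB or Xero code) shows why an app using it ships no static client secret: the app generates a fresh verifier per login and the server checks it against the challenge bound to the authorization code. `ToyAuthServer`, `run_exchange` and the returned token string are constructed for illustration; the S256 transform follows RFC 7636.

```python
import base64
import hashlib
import hmac
import secrets


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """Fresh per-login secret: 32 random bytes -> 43 characters."""
    return b64url(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class ToyAuthServer:
    """Constructed stand-in for an authorization server (hypothetical, in-memory)."""

    def __init__(self) -> None:
        self._pending = {}  # authorization code -> challenge bound to it

    def authorize(self, challenge: str) -> str:
        code = secrets.token_urlsafe(16)
        self._pending[code] = challenge
        return code

    def token(self, code: str, verifier: str):
        challenge = self._pending.pop(code, None)  # codes are single use
        if challenge is None or not 43 <= len(verifier) <= 128:
            return None
        if not hmac.compare_digest(code_challenge_s256(verifier), challenge):
            return None
        return "constructed-access-token"


def run_exchange() -> dict:
    server = ToyAuthServer()
    verifier = new_code_verifier()            # stays in app memory only
    good_code = server.authorize(code_challenge_s256(verifier))
    other_code = server.authorize(code_challenge_s256(verifier))
    return {
        "with_verifier": server.token(good_code, verifier),
        "wrong_verifier": server.token(other_code, new_code_verifier()),
        "code_reuse": server.token(good_code, verifier),
    }
```

The verifier never needs to be written to disk or compiled into the binary, so a copied installation carries nothing reusable for the code exchange.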