Forum Discussion

ac_goose
Member
5 hours ago

OAuth2 invalid_scope error for sme-* scopes

I'm running into an OAuth2 authorization issue.

When I include any sme-* scope in the OAuth2 authorization request, the flow fails immediately with:

The requested scope is invalid, unknown, or malformed. The OAuth 2.0 Client is not allowed to request scope 'sme-company-file'.

If I omit the scope entirely, the flow succeeds but the resulting token only contains offline_access and openid.

Example authorization URL

https://secure.myob.com/oauth2/account/authorize?client_id=&redirect_uri=&response_type=code&scope=sme-company-file%20sme-general-ledger&prompt=consent

What I've confirmed

  • API key was created after March 2025, so SME scopes should apply
  • Redirect URI is correctly registered — a mismatch returns a different, distinct error
  • Tested multiple sme-* scopes — all fail with the same message
  • Registered a brand new application and reproduced the same error
  • Tested directly in the browser (no SDK or middleware involved)
  • Old-style scopes (e.g. CompanyFile) also fail with the same error

Any help is appreciated. 
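
An added example (not part of the original post, and not MYOB's code) that checks the three observations above: the scope encoding in the authorization URL, the error returned on the redirect, and the scopes actually granted in the token response. It assumes errors come back as RFC 6749 query parameters on the redirect URI and that the token response carries a space-delimited `scope` field; the `state` parameter, client ID, redirect URI and sample responses are constructed placeholders.

```python
from urllib.parse import urlencode, urlsplit, parse_qs, quote

# Endpoint is the one in the post; all other values are constructed placeholders.
AUTHORIZE_ENDPOINT = "https://secure.myob.com/oauth2/account/authorize"


def build_authorize_url(client_id, redirect_uri, scopes, state):
    """Build the authorization request with every parameter percent-encoded."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),  # RFC 6749 section 3.3: space-delimited
        "state": state,  # assumption: not in the post's URL, added for CSRF binding
        "prompt": "consent",
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params, quote_via=quote)


def parse_callback(callback_url, expected_state):
    """Return ("code", value) or ("error", details) from the redirect to the client."""
    query = parse_qs(urlsplit(callback_url).query)
    first = lambda key: query.get(key, [None])[0]
    if first("state") != expected_state:
        raise ValueError("state mismatch: response does not belong to this request")
    if first("error"):
        return "error", {"error": first("error"),
                         "description": first("error_description")}
    if not first("code"):
        raise ValueError("callback carries neither code nor error")
    return "code", first("code")


def missing_scopes(requested, token_response):
    """Requested scopes that the token response does not list as granted."""
    # RFC 6749 section 5.1: an omitted "scope" means it equals what was requested.
    if "scope" not in token_response:
        return set()
    return set(requested) - set(token_response["scope"].split())


if __name__ == "__main__":
    wanted = ["sme-company-file", "sme-general-ledger"]
    print(build_authorize_url("CLIENT_ID", "https://app.example/callback", wanted, "s1"))
    # Constructed callback and token response mirroring what the post reports.
    print(parse_callback("https://app.example/callback?error=invalid_scope&state=s1", "s1"))
    print(missing_scopes(wanted, {"scope": "offline_access openid"}))
```

A non-empty result from `missing_scopes` means the authorization server narrowed the grant, so the client should not assume the access token can reach the corresponding APIs.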
