Forum Discussion

ac_goose's avatar
ac_goose
Member
16 days ago

OAuth2 invalid_scope error for sme-* scopes

I'm running into an OAuth2 authorization issue.

 

When I include any sme-* scope in the OAuth2 authorization request, the flow fails immediately with:

The requested scope is invalid, unknown, or malformed. The OAuth 2.0 Client is not allowed to request scope 'sme-company-file'.

 

If I omit the scope entirely, the flow succeeds but the resulting token only contains offline_access and openid.

 

Example authorization URL

https://secure.myob.com/oauth2/account/authorize?client_id=&redirect_uri=&response_type=code&scope=sme-company-file%20sme-general-ledger&prompt=consent

 

What I've confirmed

  • API key was created after March 2025, so SME scopes should apply
  • Redirect URI is correctly registered — a mismatch returns a different, distinct error
  • Tested multiple sme-* scopes — all fail with the same message
  • Registered a brand new application and reproduced the same error
  • Tested directly in the browser (no SDK or middleware involved)
  • Old-style scopes (e.g. CompanyFile) also fail with the same error

Any help is appreciated. 

MYOB API

2 Replies

  • ac_goose's avatar
    ac_goose
    Member
    12 days ago

    Hi Isaiah_C​ 

     

    Sadly the support team said that they will update us as soon as they have more information or a fix which is not that helpful. There's no ETA on the fix and there's no way to further escalate this issue with them.

  • Isaiah_C's avatar
    Isaiah_C
    MYOB Moderator
    13 days ago

    Hi ac_goose,

     

    Hopefully another developer in the community can jump in and share what they’ve seen here. If not, feel free to reach out to the support team through the MYOB Developer Centre / API Support Centre here: developer.myob.com.

     

    Regards,

    Sai 

Looking for something else?

Search the Community Forum for answers or find your topic and get the conversation started!

Community home

Related content