Forum Discussion

Mike_James's avatar
Mike_James
Ultimate Cover User
23 days ago

"Redirect URIs now need to use a secure https:// URL" (April 2026)

Authorising a new connection from our app has failed with a "something went wrong".

 

API support advise:

 

We’re tightening validation around the web address your app uses to receive users back from MYOB after they grant access. Redirect URIs now need to use a secure https:// URL on a supported, registered hostname.

If your app is still using an http:// redirect URI, localhost-style address, desktop/internal hostname, or any non-public callback address, the consent step may appear to proceed, but the final connection back to the app can fail with a generic message such as “unable to connect, something went wrong”.

 

Could you please check the redirect URI registered for the app and confirm it is using:

https://

a valid registered hostname

a publicly reachable callback URL

an exact match to the redirect_uri sent in the OAuth request

 

I was not aware of this change, nor can I find any reference to it on this forum, developer.myob.com or apisupport.myob.com. Can anyone provide evidence?

 

4 Replies

  • Mike_James's avatar
    Mike_James
    Ultimate Cover User
    21 days ago

    We have now resolved this with the assistance of our domain provider, but I'm still looking for an answer as to where the https:// requirement is documented. We used http://desktop for several weeks after the recent scope changes.

  • Mike_James's avatar
    Mike_James
    Ultimate Cover User
    19 days ago

    I am advised by API support as follows:

    • Validation of the redirect url has indeed been tightened quite recently
    • This has not been communicated ahead of time
    • Consideration is being given to proper communication and documentation

    So even after the events of August 2024 (when unannounced changes to the IAM resulted in access to many 3rd party apps being lost), prior communication of changes to all developers and proper documentation is still regarded as unnecessary? 

     

     

     

  • The_Doc's avatar
    The_Doc
    Ultimate Cover User
    13 days ago

    Hi Mike

    Yep I remember August 2024 and everyday wonder, what next from MYOB - notwithstanding 17 June no longer support for local MYOB files - which typically are MS Access databases running the local 8080 api call that will now scrabble to find developers to get them online - as I have just taken on-board a desperate client in such a position - the dbase developer long gone.

     

    Anyways - the subject above is interesting - I have used the redirect http://desktop since Noah sailed into Sydney harbour and still do - and all my apps are still working - I have a test utility I built in Access to download all my clients file UIDs under my dev profile - and then I can test a connection by prosecuting the customer endpoint for their file - and a successful download of their customer table is proof all works.

     

    I did that lastnight and it still works perfectly as do all my apps - however, there maybe a reason - in the August 24 MYOB changes the redirect never returned a web page - as the previous did - and that was the cause of the MYOB cluster ***** August 24 - I however found the return access token in the heading not the redirect and altered all my code to grab that - maybe that is the reason.....

     

    So to apply the updated redirect instructions I need a registered legit domain name as a redirect? 

    Thoughts?

     

    Regards The Doc

  • Mark_DataWise's avatar
    Mark_DataWise
    Contributing User
    12 days ago

    Hi Doc

     

    We solved the problem by contacting our Website company ( Webwidgets in nz ). They set up a cached page on our site.  Very simple process for them.

    We now redirect to it and all works perfectly. I do like your solution but MYOB may not.

    Cheers Mark 

Looking for something else?

Search the Community Forum for answers or find your topic and get the conversation started!

Community home

Related content