Forum Discussion

Stuart_W's avatar
Stuart_W
MYOB Staff
23 days ago

Reminder: Update your MYOB Business API integrations by 1 September 2026

Hi Everybody,

 

MYOB is strengthening its app ecosystem by upgrading integration endpoints to enhance data privacy and security. 

 

From 1 September 2026, all developers using the MYOB Business API will need to:

  • Update their integrations 
  • Adopt granular data scopes 
  • Ensure end users consent via the new flow 

Moving to granular scopes give developers more control over the data they request, making it easier to build integrations that deliver the best customer experience and take advantage of new features as they become available. 

What’s changing on 1 September 2026 

From 1 September 2026, the CompanyFile scope will be removed from the MYOB Business API scope list. Any new consent or authorisation request that still uses CompanyFile will fail. Developers will need to update their integrations to use the new granular data scopes.

 

To keep services running for customers, developers must ensure their applications request the appropriate granular scopes and that customers complete the updated consent flow. If these changes are not made by the deadline, affected integrations will be disrupted.

 

To avoid disruption to customer integrations or any impact on your developer program status, you must complete these updates by 1 September 2026.

 

More information about granular data scopes and the required changes is available below.

 

MYOB Business API Overview: Granular Data Scopes

 

If you have concerns about these timelines or need support to meet them, please submit a support request. If you’d prefer to speak to us directly, click here to book a time that suits you.

 

Thank you for partnering with us to improve data security, transparency, and customer trust across the MYOB app ecosystem. Kind regards, The MYOB Team

19 Replies

  • Mike_James's avatar
    Mike_James
    Ultimate Cover User
    8 days ago

    DavidDNCS​ , there is no other option, to authorise file access you must be a file admin. Your client can give you that role temporarily, and even make your file access read-only until authorisation is complete. (The authorisation from your app will still work).

     

    That error message could also relate to an invalid redirect. There are much stricter rules about redirects now, as the API support write to me:

    “validation of the redirect URI has been tightened. As a result, non-HTTPS, localhost-style, or internal hostnames (like http://desktop) may now be rejected during the final redirect step after consent. When that happens, it surfaces as a generic “unable to connect, something went wrong” message, which is what you were seeing”. (This strict application was not notified.

  • DavidDNCS's avatar
    DavidDNCS
    Contributing Cover User
    8 days ago

    Hi MYOB Developer Team

    I have just become aware of this issue.  I do not seem to be receiving any important updates from the MYOB Developer team, does MYOB actually email the MYOB Developers registered email addresses about really important changes to their API ?  I have searched through my emails and cannot see any communication about this.  I fortunately was reviewing my post and also posting a new issue when I came across this but would have loved to know about it in November 2025 which it was launched. 

  • MarshallArts's avatar
    MarshallArts
    Experienced User
    12 days ago

    Just getting my head into this.  I've made the changes to my app's authorisation URL and I do get the MYOB page come up that spells out what is being requested and invites the user to Connect.  But when I do that I get a message that says "Something went wrong and we couldn't connect the app".  Below that it says that I need to be an administrator on the company file to be able to connect.  I'm not an admin and I'm not sure my client would want me to be an administrator - is there some mechanism in place to enable testing and development?  Is this this app connection is a one-time thing, or will it happen every time?  Can I do something in my developer account to get me past this?  The app in question is registered in my account.

  • Mike_James's avatar
    Mike_James
    Ultimate Cover User
    14 days ago

    Hi cas-tag​ that is correct. Authorisation is for one file now, which is selected after submitting a request and being prompted to log in with your email/password. You must have the file admin role to authorise.

  • Currently with my.myob acting as OAuth - the auth that is provided is for the User, and thus the resources returned available for accesss are ALL companies the user has permissions for.

    In the case where a my.myob user has access to multiple companies - are they required now to select a specific company, and the code/auth returned then is only for that 1 single company, not for all companies that the user has access to (an OAuth resource flow not a user flow)?

  • Trish_Lee's avatar
    Trish_Lee
    Experienced User
    23 days ago

    Hi Stuart, 

    Well, done on getting this out there so early :-) Is this already in place so that I can test and start releasing to Clients?

    Thanks

    Trish