Access Denied

Question

HelloI am trying to GET a list of items.I use the following code to successfully retrieve the company endpoints...&nbsp;&nbsp; &nbsp;sURL = "https://api.myob.com/accountright/[Company File GUID]"&nbsp; &nbsp;With objHTTP&nbsp; &nbsp; .Open "GET", sURL, False&nbsp; &nbsp; .setRequestHeader "Accept", "application/json"&nbsp; &nbsp; .setRequestHeader "Authorization", "Bearer " &amp; gsMYOBToken&nbsp; &nbsp; .setRequestHeader "x-myobapi-key", idsMYOBClientId&nbsp; &nbsp; .setRequestHeader "x-myobapi-version", "v2"&nbsp; &nbsp; .setRequestHeader "x-myobapi-cftoken", fEncodeBase64(gsMYOBUsername &amp; ":" &amp; gsMYOBPassword)&nbsp; &nbsp; .setRequestHeader "Accept-Language", "en"&nbsp; &nbsp; .send&nbsp; &nbsp; resptext = .responseText&nbsp; &nbsp; End With(note: the above works)&nbsp;Using the same code with a new endpoint I get 'Access Denied'...sURL = "https://api.myob.com/accountright/[Company File GUID]/Inventory/Item"Can anyone offer what is missing or in error with the code to fix this issue?&nbsp;Many thanksRuss

russb · Answer

For anyone interested, the following worked...&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; .Open "GET", sURL, False&nbsp; &nbsp; &nbsp; &nbsp; .setRequestHeader "Accept", "application/json"&nbsp; &nbsp; &nbsp; &nbsp; .setRequestHeader "Authorization", "Bearer " &amp; gsMYOBToken&nbsp; &nbsp; &nbsp; &nbsp; .setRequestHeader "x-myobapi-tenantid", gsMYOBTenantId&nbsp; &nbsp; &nbsp; &nbsp; .setRequestHeader "x-myobapi-version", "v2"&nbsp; &nbsp; &nbsp; &nbsp; .setRequestHeader "x-myobapi-key", idsMYOBClientId&nbsp; &nbsp; &nbsp; &nbsp; .send&nbsp; &nbsp; &nbsp; &nbsp; resptext = .responseText

rohank4 · Answer

Hi Russ, thanks. I have exactly the same problem. I can call some URLs, but on other typical GET endpoints I get access denied, despite following all the processes. Any idea what's going on with your change? Seems you've removed x-myobapi-cftoken and added a x-myobapi-tenantid (what's this?). Unsure why this would work, as docs suggest cftoken is required and this is the first time I have seen tenant id.

rohank4 · Answer

Confirming, that when I remove cftoken from the header, I can now access the endpoint I was trying to access (Sale/Invoice/Item/{invoiceId})
Disappointing that the cftoken is documented and added as a layer of security but breaks the api call and works without.

Forum Discussion

Access Denied

Looking for something else?

Related content

bank feeds - access is denied

Acces to file denied

Discrepancies in figures when accessing reports

Error Access is Denied

bank feed access denied

Passwords / User Access

Trouble getting Access token

Can't access prepare BAS window