3 weeks ago - last edited 3 weeks ago
Hi there @gihan,
It sounds like a great use for setting up user roles within your company files. We have a help guide on how to do this in-product: http://help.myob.com/wiki/display/ar/Set+up+roles
The x-myobapi-cftoken header is how you log in to a given file, and we have a best practice guide for company file authentication (http://developer.myob.com/api/accountright/best-practice-guides/company-file-authentication/) that may help you implement this workflow.
Hope this helps!
3 weeks ago
Thanks a lot for your detailed response and for guiding me in the right direction.
Is it possible to store multiple tokens for multiple company files belonging to different serial numbers in the same token file and retrieve them when required to make a call?
What I want to do is create a generic service account inside each of the company files with just enough permission to read company information (ABN) and Employee Data, Payroll report data with other reference data required for payroll. Does this account need to be the same as the developer login ID or can it be a different one?
Then perhaps I can develop a configuration screen (to be used by a tech operator who'll install and configure the app I'm developing) where it lists all company files which this generic service account has access to, and then prompts to select and log in to each file once and save the resulting tokens in a central file, obviously with an indicator to identify which tokens belong to which company file, to be used later with subsequent API calls when retrieving actual payroll data.
Let me know if I'm stepping in the right direction with this or not.
3 weeks ago
Thanks for reaching out to us and welcome to the community forum. Your customer will always have to use OAuth. You could use an initial standalone configuration page/screen to complete the OAuth steps. Behind the scenes, however, you could securely store the access and refresh tokens for accessing the API. When an access token expires, simply refresh it (see refresh tokens in our docs). The refresh/access token API call to secure.myob.com does not require the user to log in - it uses the refresh token to generate a new access token.
Both access and refresh tokens have expiries (access tokens are generally 20 minutes while refresh tokens are usually months/years); so yes they have expiries like sessions, but they should still work for a headless/CLI app such as what you're building.
Overall this means that you should:
• OAuth once, and exchange the access code for access/refresh tokens
• Securely store the access/refresh tokens for your headless app/sync/CLI tool.
• Continue using that access token until just before expiry
• Refresh the token (using the refresh token) and store the new access/refresh token.
• Rinse and repeat.
If you have any further questions, feel free to reach out to us at firstname.lastname@example.org.
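The store-and-refresh cycle listed above, as an added example (not MYOB's code and not part of the .NET SDK), written in Python to show the logic only. `TokenStore`, the labels, the 120-second margin and `refresh_fn` are assumptions; `refresh_fn` stands in for the refresh call to secure.myob.com, whose request format is not shown in this thread.

```python
import json
import os
import tempfile
import time

REFRESH_MARGIN = 120  # assumed: refresh this many seconds before expiry


class TokenStore:
    """Access/refresh token pairs for several labels in one JSON file."""

    def __init__(self, path, refresh_fn, now=time.time):
        # refresh_fn(refresh_token) -> (access, refresh, expires_in_seconds)
        self.path, self.refresh_fn, self.now = path, refresh_fn, now

    def _load(self):
        try:
            with open(self.path, encoding="utf-8") as fh:
                return json.load(fh)
        except FileNotFoundError:
            return {}

    def _save(self, data):
        # mkstemp creates the file owner-only (0600 on POSIX); os.replace then
        # swaps it in, so a crash mid-write leaves the previous store intact.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(self.path)))
        try:
            with os.fdopen(fd, "w", encoding="utf-8") as fh:
                json.dump(data, fh)
            os.replace(tmp, self.path)
        except BaseException:
            os.unlink(tmp)
            raise

    def put(self, label, access, refresh, expires_in):
        data = self._load()
        data[label] = {"access": access, "refresh": refresh,
                       "expires_at": self.now() + expires_in}
        self._save(data)

    def access_token(self, label):
        entry = self._load()[label]  # KeyError: OAuth never completed for label
        if self.now() < entry["expires_at"] - REFRESH_MARGIN:
            return entry["access"]
        # Store the new pair before handing out the access token, so the
        # refresh token on disk is always the most recent one received.
        access, refresh, expires_in = self.refresh_fn(entry["refresh"])
        self.put(label, access, refresh, expires_in)
        return access
```

On Windows the POSIX file mode does not keep other accounts out; restrict the file's ACL to the account the scheduled job runs as, or encrypt the file for that account.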
4 weeks ago
I'm new to this forum and using Live API so apologies in advance if this has been answered previously, but I couldn't find a correct answer searching through the forum.
I'm trying to develop a console application using .Net SDK to extract Payroll data from several company files which are placed online. And this application needs to run on a weekly schedule automatically without any user interaction or intervention.
In this scenario, how do I authenticate to an online company file while avoiding the prompt of the online MYOB login page (OAuth2 login) to get an access token to be used in subsequent API calls? Can this step also be automated using online user credentials stored in a secure configuration file?
I tried the C# and VB.Net sample applications and got them working in my dev environment to connect to local files without OAuth2. I assume when using the Cloud flag (OAuth2), it would still require an end user to log in using the OAuth2 login screen first to grant an access token to the app.
Is it possible to set up a common service login across all company files and use this login in the program to authenticate against the live API?