MYOBCommunity
Partner Zone
|
|
Partner Zone

No authorized applications issue

9 REPLIES
Valued Partner Triboss
69 Posts
Valued Partner
Triboss
Valued Partner

69Posts

41Kudos

10Solutions

Re: No authorized applications issue

This link has the required info about refreshing the token:

http://developer.myob.com/api/accountright/api-overview/authentication/

Alexey
1 Post
Cover User
Australia
Alexey
Cover User

1Posts

0Kudos

0Solutions

Re: No authorized applications issue

Hi @KeranM,

 

Would you pbe so kind and post the api endpoint (or sdk class/method) which I should use to do a token refresh ?

Experienced Partner kiwinode
19 Posts
Experienced Partner
kiwinode
Experienced Partner

19Posts

5Kudos

2Solutions

Re: No authorized applications issue

This was very useful to me - thanks 👍

Partner BrankoPedisic
3 Posts
Partner
Australia
BrankoPedisic

3Posts

1Kudos

0Solutions

Re: No authorized applications issue

Keran,

 

Brilliant! Thanks so much for the detailed response, makes perfect sense now.

 

You've made our day (and hopefully others coming up with the same problem).

 

API Evangelist KeranM
299 Posts
API Evangelist
Australia
KeranM
API Evangelist

299Posts

94Kudos

56Solutions

Re: No authorized applications issue

Ahh yeah common confusion when working with OAUTH 

 

Step 1: user is presented a button (a href) in your application that takes them to 

https://secure.myob.com/oauth2/account/authorize?client_id=[YOUR API KEY]&redirect_uri=[URL_ENCODED_REDIRECT_URI]&response_type=code&scope=CompanyFile

Step 2: user is presented with MYOB login, they do this and grant permission

Step 3: user is REDIRECTED back to your app, with a ?CODE= in the URL, which you capture and decode

Step 4: You take this code and POST a body of content (client id, secret, code etc) to (content type application/x-www-form-urlencoded)

https://secure.myob.com/oauth2/v1/authorize

 Step 5: the server will exchange that CODE for an ACCESS_TOKEN and REFRESH_TOKEN

** NOTE: if this fails during development and you are testing, then you need to repeat steps 1 through 4 - once you have the access_tokens you won't need to repeat those steps, UNLESS access is revoked for some reason **

Step 6: You make calls to the API with the ACCESS_TOKEN

 

REFRESH:

Step 7: Should the ACCESS_TOKEN expire (it only lives 20 mins) you will need to get a new one. So you use the REFRESH_TOKEN, to say to the server "Hey, I have permission to access this, here's my refresh token, can I have a new Access_token"

Step 8: The server will respond with a new ACCESS_TOKEN and a new REFRESH_TOKEN. Save the refresh token for future access and use the ACCESS_TOKEN now

 

You store the refresh token, and use that as the starting point for any future communications between your app and the MYOB API. Your client/user is only involved the first time, and that allows them to make the connection and explicitly grant permission for your app to talk to their business data.

 

This is the same as connecting Instagram to Facebook, Twitter etc Smiley Happy

 

Hope that makes sense for you

Keran McKenzie
Futurist in residence @MYOB

Are you a developer? Check out http://developer.myob.com
Looking for an Add-on? Check out http://myob.com/addons/

Twitter: @myobapi | @keranm
Partner BrankoPedisic
3 Posts
Partner
Australia
BrankoPedisic

3Posts

1Kudos

0Solutions

Re: No authorized applications issue

Hi Keran,

 

Thanks for the speedy reply, I really appreciate it.

 

What you say makes sense, we'll give that a go this morning and let you know here how we go.

 

Regarding your comment on getting a fresh code each time; as per the api documentation relating to obtaining the access code (which I'm assuming is what you mean by getting a fresh code each time/call):

The first step for this is getting an access code & you do this by having your app user login to their my.MYOB account. Of course because it's OAUTH your app is not allowed to ask for a users my.MYOB credentials, instead you redirect them to our secure.myob.com login page here:

 

https://secure.myob.com/oauth2/account/authorize?client_id=[YOUR API KEY]&redirect_uri=[URL_ENCODED_REDIRECT_URI]&response_type=code&scope=CompanyFile

I was hoping that this would be a once-off thing. We are tasked with creating a service that integrates/automates the updating of specific transactions in AccountRight - and having the user required to authorize the application each time the scheduled task is executed is not the desired solution.

 

Should we be using a different method in this case? Is there any way that we can integrate with AccountRight via the API in an autonomous way - and not requiring the client to actually click on a URL each time the task is run?

 

Hope that makes sense?

API Evangelist KeranM
299 Posts
API Evangelist
Australia
KeranM
API Evangelist

299Posts

94Kudos

56Solutions

Re: No authorized applications issue

Hi there

 

I've taken a look at your support tickets and it seems like everything is in order.

From what I can gather is you are trying to recycle the CODE each time you test. You can't do that, you need a fresh CODE each time.

 

Try that, because the rest of your code/tests look fine from the tickets you submitted.

 

MYOB uses pretty standard OAUTH 2.0 flows, and its generally pretty simple to get up and running.

The key things to watch for are:

  • You have to use a FRESH CODE each time
  • You need to URL Decode the CODE when it's given back to you 
  • You need to make sure the CODE and your REDIRECT URI are both URL encoded when you submit the request
  • You need to make sure the body is in application/x-www-form-urlencoded 
  • NOTE: the most common mistake, is double encoding the CODE & REDIRECT url

 

Hope those help

 

Keran McKenzie
Futurist in residence @MYOB

Are you a developer? Check out http://developer.myob.com
Looking for an Add-on? Check out http://myob.com/addons/

Twitter: @myobapi | @keranm
Partner BrankoPedisic
3 Posts
Partner
Australia
BrankoPedisic

3Posts

1Kudos

0Solutions

Re: No authorized applications issue

Hi Helen,

 

My collegue Jet and I have been sending tickets back and forth with you on this exact same issue. I'm hoping by posting this also in the forums that more people can comment on how to get this working.

 

We're not new to building integrations with cloud systems and authentication - however, for some reason, connecting to AccountRight is frustrating us to all ends.

 

We've gone and successfully completed the first part (getting the access code), now we are trying to do the second part - getting the access token via https://secure.myob.com/oauth2/v1/authorize

 

To test, we've tried using Postman and (as per your last suggestion) Insomnia - both yield the same dreaded "invalid_request" response.

 

We've tried adding the following to the header:

Content-Type application/x-www-form-urlencoded

And both url encoding (and not url encoding) the access code and redirect URL.

 

We've tried not adding a content-type in the header and again, url encoding (and not url encoding) the access code and redirect URL.

 

I have also triple checked that the redirect uri is exactly the same as what was registered.

 

We've done the above tests (and probably countless more variations) in both Postman and Insomnia.

 

If anyone has any insight into what we're missing or what "gotch-ya's" there are with this, I'd greatly appreciate any tips.

MYOB Moderator HelenB
276 Posts
MYOB Moderator
HelenB
MYOB Moderator

276Posts

216Kudos

62Solutions

Re: No authorized applications issue

Hi @PayDoh

 

Thanks for reaching out to us. The error `Invalid_request` is generally always caused by one of 3 things. They are

  • The redirect_uri param is encoded twice or not at all.
  • The redirect_uri param doesn't match your API key configuration.
  • One or more parameters is missing, incorrect or badly formatted.

We recommend that you check:

  • redirect_uri matches exactly your key configuration.
  • values are not double encoded when sent over HTTP.

And if in doubt, do a direct HTTP log (perhaps using tools like Runscope or Wireshark etc) to determine the exact HTTP message that is being sent to the API.

If you have any further questions, feel free to reach out to us directly at developers@myob.com.

 

Thanks

@HelenB
Helen Brophy
MYOB Developer Support Liaison

Are you a developer? Check out http://developer.myob.com
Looking for an Add-on? Check out http://myob.com/addons/
MYOB API Support Centre - https://apisupport.myob.com
Partner PayDoh
1 Post
Partner
PayDoh
Partner

1Posts

0Kudos

0Solutions

No authorized applications issue

Hi,

 

I am demonstrating MYOB API using AccountRight Live API via the .net SDK. While doing this I am able to authenticate MYOB, but not able to authorized applications I have created in my MYOB account.

 

When I tried first time I got App Listed with “Revoke access” button beside it, but accidentally I clicked on that button. After that whenever I tried to demonstrate same ,I am getting error as “Allow access to your MYOB Account? We have encountered some issue with the request, Please try again later or contact your app support -invalid request”, so now I can't get it back.

 

I have also attached screenshot of same for your reference.

 

Please help on this asap.

Screenshot.PNG
Didn't find your answer here?
Try using advanced search to find a post more easily Advanced Search
or
Get the conversation started and make a new post Start a Post