Forum Discussion

CPSVu's avatar
CPSVu
6 years ago

Invalid request getting access token

I have been trying to get the MYOB access code using my API keys for two days to no avail...

 

I got the access code from `https://secure.myob.com/oauth2/account/authorize`, passing my client_id (API key), redirect URI (URL encoded), scope. At first I got  the "DeveloperInactive" error but by adding `x-myobapi-key` in the headers (the same API key as in client_id) that has gone away.

 

Now I have a different problem. Using the `code` from previous, I created this get_access_token script (in python)

```

data = {
'client_id': 'q[redacted]y',
'client_secret': 'Z[redacted]z',
'scope': 'CompanyFile',
'code': 'Wkb[redacted]', # what I got from the previous step
'redirect_uri': '[redacted]',
'grant_type': 'authorization_code'
}

headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}

resp = requests.post(url, data=data, headers=headers)
print(resp.content)
```
 
this simply returns `'{"error":"invalid_request"}'`
 
I am new to this process and I'm not sure how the request can be invalid. I have tried many combinations of the redirect_uri and the code being url_encoded or not. I simply want to access the company files. Hope someone can enlighten me. Thanks.
  • CPSVu's avatar
    CPSVu
    6 years ago

    I figured it out. I'll leave the solution here for users who may run into the same issue.

     

    I used a very dodgy method of retrieving the code without a web socket, which was using a Chrome extension to modify headers of my access code request in order to log in (which requires browser). Then I got the code directly from Chrome's URL bar. This means the code is URL encoded, hence my invalid request. I decoded the URL and send the request again (with a similarly unencoded Redirect URI) and got the access token.

     

    I had to do the "Chrome-based modified-header request" thing because I was only trying to log in as a developer, not using any web interface for users with a public facing URL that could be redirected to. Could not find any existing solution for it. It would help if MYOB support could chime in with a better solution to retrieving the code. 

  • CPSVu's avatar
    CPSVu
    6 years ago

    I figured it out. I'll leave the solution here for users who may run into the same issue.

     

    I used a very dodgy method of retrieving the code without a web socket, which was using a Chrome extension to modify headers of my access code request in order to log in (which requires browser). Then I got the code directly from Chrome's URL bar. This means the code is URL encoded, hence my invalid request. I decoded the URL and send the request again (with a similarly unencoded Redirect URI) and got the access token.

     

    I had to do the "Chrome-based modified-header request" thing because I was only trying to log in as a developer, not using any web interface for users with a public facing URL that could be redirected to. Could not find any existing solution for it. It would help if MYOB support could chime in with a better solution to retrieving the code. 

Looking for something else?

Search the Community Forum for answers or find your topic and get the conversation started!

Community home

Dig into MYOB Academy for free courses, learning paths and live events to help build your business with MYOB.