Overview
In March 2025, MYOB introduced new Scopes and depreciated old scopes. As of 1 September 2026, the legacy CompanyFile OAuth scope will be deprecated for all keys. Please update your existing integrations by this date..
Why the Change?
The new scopes ensures greater clarity, security, and alignment with MYOB’s API ecosystem. It helps differentiate scopes by system and function, and supports future extensibility.
Old vs New Scope Format
| Scopes | Functions | |
| New Scope (as of March 2025) | sme-general-ledger | This scope gives access to all endpoints under /{cf_uri} /GeneralLedger/. For example, {cf_uri}/GeneralLedger/TaxCode, /{cf_uri} /GeneralLedger/Account etc |
| sme-sales | This scope gives access to all endpoints under /{cf_uri} /Sale/. For example, /{cf_uri}/Sale/Invoice, /{cf_uri}/Sale/Invoice/Service etc. | |
| For the full list of scopes, see: Scopes Reference | ||
| Old Scopes | CompanyFile |
The CompanyFile scope will be deprecated for all keys from 1 September 2026. Please update your existing integrations by this date. This scope will give you access to all of the MYOB AccountRight files in a users account, including access to all endpoints. |
| la.global | This scope is now deprecated for all API keys. This scope will give you access to all of the MYOB Essentials files in a users account, including access to all endpoints. | |
Required Action for Developers
- When you are building your auth url, make sure to include all the scopes for the endpoints your application will access.
- Make sure to include valid scopes only
- Example:
https://secure.myob.com/oauth2/account/authorize? client_id=YOUR_CLIENT_ID& redirect_uri=YOUR_REDIRECT_URI& response_type=code& scope=sme-company-file sme-general-ledger sme-sale& prompt=consent
Scope Validation
- Scopes must be explicitly listed in your GET request to https://secure.myob.com/oauth2/account/authorize.
- If an invalid or old-format scope is included, the authentication request will fail.
From the Authoriser’s Perspective
- The scopes defined in the OAuth2 authorization URL determine what data the user (Authoriser) is granting access to.
- These scopes will appear on the consent screen, prompting the Authoriser to approve access to the listed data types (e.g., contacts, sales, company file).
Need Help?
For more information or examples:
- MYOB Business API Scope Reference
- Contact our support team via API Support Request
Comments
0 comments
Article is closed for comments.