Overview
Effective March 2025, only Admin users of a MYOB company file can approve OAuth2.0 authentication requests. This update enhances security and aligns with best practices for data access permissions.
What Changed?
Previously:
Any company file user could approve OAuth2.0 authentication and grant consent.
Now:
Only users with Admin-level access to the company file can complete the OAuth2.0 approval process.
Impact of Using a Non-Admin Account
If a non-Admin user attempts to authenticate:
- The consent screen will fail to authorize.
- The OAuth2 flow will not return a valid access token.
- Your integration will be unable to access the company file.
What You Need to Do
For Developers:
- Ensure the user authorizing the connection is an Admin on the company file.
- Update your documentation or UI to alert users of this requirement.
- Test authentication flows using an Admin account to verify end-to-end success.
AccountRight (Desktop or Online Library):
- Open your company file in AccountRight.
- Go to the Setup menu.
- Select User Access.
- Review the list of users and their assigned roles.
- Ensure the user you are logged in as has the Administrator role ticked.
MYOB AccountRight Example:
MYOB Business (Browser-based):
- Log in to MYOB Business at app.myob.com.
- Click the cog icon next to your business name in the top-right corner.
- Select Users and Permissions from the dropdown menu.
- Click on your username in the list.
- Check the Access — ensure it is set to Admin.
MYOB Business example:
Additional Resources
For further assistance, please contact the MYOB API Support team.
Comments
0 comments
Article is closed for comments.