We've all been there, you're just getting started with connecting to the MYOB APIs and you've hit this rather pesky little error. It looks something like:
Rest assured you are not alone with this one, and while it's a pain, 99% of the time it's really simple to resolve.
Most common cause - trailing slash on redirect url
The most common cause of this error, is to do with the redirect_url as it must match exactly what you entered when registering the app.
In the example above the redirect url is https://mydomain.io/myob which has no trailing slash. Can you spot what we've done wrong in the Postman image below?
Yes, that's right, we've added a / to the end. This is our leading cause of this issue.
Double encoded redirect url
This one is a little more tricky, and is the most common cause of the invalid_request error when exchanging the authorization code for an access token (steps 4 and 5 here).
When exchanging the code, you need to POST x-www-form-urlencoded data to the server. All to often people will take the code as it comes off the URL (which is urlencoded) then think "ah, I have to encode this and the redirect url, and POST it." They then proceed to do that and add the content-type header of x-www-form-urlencoded and this results in multi-encoded elements. And the dreaded invalid_request error.
To resolve this:
- Always decode the authorization code from the url
- Always prepare your body using non-encoded content
- Always set your content-type header to x-www-form-urlencoded and let that do the final encoding of the data.
That's it, this issue shouldn't be too hard to resolve.