A common question for people is:
- Do I have to authorize every time I connect to MYOB?
- Can I authorize to MYOB using code?
- Why does the user have to connect to MYOB?
- Can I use the MYOB API without the user logging in?
The answer is pretty simple.
Step 1 - granting permission
MYOB makes use of OAUTH as the framework for handling user authentication. This does require the user to be involved in the process. However the user is only needed the first time, so they can explicitly grant permission.
You will provide a link in your solution that the user clicks, this takes them to an MYOB secure login. They log in and are presented with a page informing them that your application would like permission to read and write to their MYOB company file.
They click "yes" and are redirected back to your application.
Step 2 - remote access
At this point, you will now have a code you can exchange for OAUTH access tokens. From this point on the user is no longer needed. You have all you need now to read and write to the user's file, any time you require. 24hrs, 7 days a week.
The access_token gives you what you need to consume the MYOB API for the next 20-minutes.
The refresh_token gives you a way to request a new access_token after that 20-minute window. Any service that provides an OAUTH integration should provide services for refreshing the tokens.
But what about Salesforce, Integromat, Zapier, Microsft Power BI
I'm building a connection between an online web service (such as Microsoft Power BI, Integromat, Zapier or Salesforce) and I don't know how to build this connection. What can I do?
Most of these tools provide a way to integrate to OAUTH 2.0 services. It's a very common method of integration between services. If you have ever connected a service to Facebook, you have used OAUTH 2.0 as a consumer.
Some examples are: