We often get the following questions when getting started.
- What is the process for registering for API access?
- I have successfully registered for API access, what should I do next?
- When registering for an API key, what specific information should I provide?
- Which details do I need to pass for authentication?
To assist with these common queries, we have developed a getting started guide. This guide offers a broad outline of the essential tasks that must be accomplished prior to establishing a connection to the company file through the API.
Developer Access
An API key is needed to access the online MYOB API. In order to create an API key you will need to register for API access.
You can register for the MYOB developer program HERE.
Our Open Access program provides free access to the MYOB Business API (AccountRight + Essentials) and lets you create up to two API keys.
If you want to have a look at all of our plans you can see the Developer programs here.
Register for keys:
Once you've registered for API access and your developer account has been created, you will need to log into MY.MYOB to register for your API key and secret.
Once logged into My.MYOB Select your developer client I.D on the top right-hand side (only applies if you have multiple accounts) Then select the developer tab which will now be visible.
Please note: your developer client I.D is unique to your application and is provided in the welcome email.
Once the developer tab is selected you will need to select Register App and enter details into the below fields.
App Name:
- Enter the public name of the application you are registering. This is the name people will see on the screen during the Allow Access process. The App Name should be a name they are familiar with.
Redirect Url:
- This is the location where the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token.
- For mobile or desktop apps you can use http://desktop as the URL
- Please note: Any website address must be HTTPS;//
Website Address (not mandatory) :
- What is the URL for your website
Description (not mandatory):
- A short description of your solution
Once you select register app this will return you with your API KEY and SECRET.
Authorisation:
Now you have obtained your API keys you can go ahead and complete authorisation. We use OAuth 2.0.
Getting access code:
https://secure.myob.com/oauth2/account/authorize?client_id=&redirect_uri=&response_type=code&scope=CompanyFile
'client_id' // (API Key)
'redirect_uri' // (What you entered into MY.MYOB)
'response_type' // code
'scope' // CompanyFile
Please note: The code is for one-time use only, If an error is returned you will need to start the process again and obtain a new code.
Getting an Access Token:
https://secure.myob.com/oauth2/v1/authorize/?client_secret=&redirect_uri=&client_id=&Code=
'client_id' // your API Key
'client_secret' // your API Secret
'scope' // this should say CompanyFile
'code' // the Access Code you just got (one time use only)
'redirect_uri' // your redirect URL
'grant_type' // this should say authorization_code
Access tokens have a limited life span, when you receive your tokens you'll also receive an expiry time. Once your access token expires it can no longer be used to access the API. So you'll need to trigger a refresh within the time frame (generally around 20 minutes). You do this by POSTing the following parameters:
https://secure.myob.com/oauth2/v1/authorize
'client_id' // your API Key
'client_secret' // your API Secret
'refresh_token' // your refresh token
'grant_type' // this should say refresh_token
Please view the below support notes for a more in-depth look at Oauth
How to complete end-user Authorisation
Connecting to the API
Once you have completed Oauth we can go ahead and connect to the API
Headers:
Header | Takes |
---|---|
Authorization: |
Bearer [OAUTH_ACCESS_TOKEN]*¹ |
x-myobapi-cftoken: |
[Base64Encode(username:password)] |
x-myobapi-key: |
[dev_key] |
x-myobapi-version: |
v2 |
Accept-Encoding: |
gzip,deflate |
Please note: If the end-user has enabled Single sign on you will not be required to pass x-myobapi-cftoken:
Base endpoints:
http://localhost:8080/accountright/
http://[IP ADDRESS OF COMPUTER TO ACCESS]:8080/accountright/
https://api.myob.com/accountright (Will show the list of company files you have been invited to)
If you have any questions, feel to log a ticket with the Customisation & Integration Team.
Comments
0 comments
Article is closed for comments.