Headers

  Date Updated: Jun 1st 2014

With the two APIs (desktop and cloud) we have worked hard to keep the differences between them at bay. All our endpoints and calls are the same, making it really easy to have apps work in either environment. The only thing you need to tweak between the two are the headers you set to talk to the apis.

Cloud & oauth

HeaderTakes
Authorization:Bearer [OAUTH_ACCESS_TOKEN]
x-myobapi-cftoken:[Base64Encode(username:password)]
x-myobapi-key:[dev_key]
x-myobapi-version:v2
Accept-Encoding:gzip,deflate

accept-encoding: is recommended to compress the data returned from the server reducing download size

An example of this could look like:


Authorization: Bearer [OAUTH_ACCESS_TOKEN]
x-myobapi-cftoken: ABCta353c5R6YXRvcjo=
x-myobapi-key: [API_KEY_HERE]
x-myobapi-version: v2

Note: 'ABCta353c5R6YXRvcjo=' in above is example only, replace with your OWN credentials

Working locally?

HeaderTakes
Authorization:Basic [Base64Encode(username:password)]
Or  x-myobapi-cftoken:[Base64Encode(username:password)]
x-myobapi-key:[dev_key]
x-myobapi-version:v2

An example using the Authorization header:


Authorization: Basic ABCta353c5R6YXRvcjo=
x-myobapi-version: v2

The recommended method is this example using the x-myobapi-cftoken: header:


x-myobapi-cftoken: ABCta353c5R6YXRvcjo=
x-myobapi-version: v2

Note: 'ABCta353c5R6YXRvcjo=' in above is example only, replace with your OWN credentials

If-None-Match and HTTP Etag

Compare ETag for current version of a resource

ETag is returned across all our endpoints as part of the response headers and can be used in conjunction with If-None-Match as a way to check if a collection list or individual resource has changed.

The Etag response header looks like ETag: "-1674987083"

To query this through our request headers, pass like so If-None-Match: "-1674987083"

If the collection or individual resource hasn't been modified based on the request made, 304 Not Modified with an empty body is returned, if the resource has been modified 200 success code along with the resource is returned.

If-Modified-Since

If-Modified-Since for contact collection

The If-Modified-Since request-header is used to make conditional calls to our contact endpoints checking if the requested contact resource has not been modified since the time specified in this field.

To query this through our request headers, pass like so: If-Modified-Since: Fri, 21 Mar 2014 02:51:32 GMT

If the contact resource hasn't been modified based on the request made, 304 Not Modified with an empty body is returned, if the resource has been modified 200 success code along with the resource is returned.

Note: condititonal calls are only valid for an individual contact resource with the date format HTTP-date.

The Company files

Accessing with 'Username | Password'

Each company file in MYOB AccountRight Live has the ability to carry a username and password to authenticate the file users. When accessing the company file via the API (regardless of desktop or cloud) you must pass the Username and Password for the company file as a Base 64 Encoded string - this is known as Basic Authentication. Many languages have a function called Base64Encode(Useranme:Password).

Note: you must put a : between the username and password.

The desktop accepts the company file (cf) credentials in base64 encoding in either the basic Authorization header, or a customer x_myobapi_cftoken header.

The cloud requires three elements in the header with the basic Authentication header carrying the OAuth token, the x_myobapi_cftoken taking the company file credentials in base64 encoding and the x_myobapi_key taking the developer key

Sandbox Files

Sandbox Company File Credentials

If you are working against the provided Sandbox Files, the following credentials should be used:

Username: Administrator
Password: (just leave this blank)

As described above you'll need to base64 encode this. Here's a quick sample of what this looks like using php's built in base64_encode() function.


$username = 'Administrator';
$password = '';
base64_encode($username.':'.$password);

Resources

Need a little more help with Authentication? Check out some of these handy online resources.