With the two APIs (desktop and online) we have worked hard to keep the differences between them at bay. All our endpoints and calls are the same, making it really easy to have apps work in either environment. The only thing you need to tweak between the two is the set of headers you send to talk to the APIs.
Header | Takes |
---|---|
Authorization: | Bearer [OAUTH_ACCESS_TOKEN]*¹ |
x-myobapi-cftoken: | [Base64Encode(username:password)] |
x-myobapi-key: | [dev_key] |
x-myobapi-version: | v2 |
Accept-Encoding: | gzip,deflate |
accept-encoding: is recommended to compress the data returned from the server, reducing download size.
*¹ This isn't a required header during Postman collection environment connection as it's pre-coded to auto capture tokens.
An example of this could look like:
Authorization: Bearer [OAUTH_ACCESS_TOKEN]
x-myobapi-cftoken: ABCta353c5R6YXRvcjo=
x-myobapi-key: [API_KEY_HERE]
x-myobapi-version: v2
Note: 'ABCta353c5R6YXRvcjo=' in the above is an example only; replace it with your OWN credentials.
Header | Takes |
---|---|
Authorization: | Basic [Base64Encode(username:password)] |
Or x-myobapi-cftoken: | [Base64Encode(username:password)] |
x-myobapi-key: | [dev_key] |
x-myobapi-version: | v2 |
An example using the Authorization header:
Authorization: Basic ABCta353c5R6YXRvcjo=
x-myobapi-version: v2
The recommended method is this example using the x-myobapi-cftoken: header:
x-myobapi-cftoken: ABCta353c5R6YXRvcjo=
x-myobapi-version: v2
Note: 'ABCta353c5R6YXRvcjo=' in the above is an example only; replace it with your OWN credentials.
ETag is returned across all our endpoints as part of the response headers and can be used in conjunction with If-None-Match as a way to check if a collection list or individual resource has changed.
The ETag response header looks like ETag: "-1674987083"
To query this through our request headers, pass it like so: If-None-Match: "-1674987083"
If the collection or individual resource hasn't been modified based on the request made, 304 Not Modified with an empty body is returned. If the resource has been modified, a 200 success code along with the resource is returned.
The If-Modified-Since request-header is used to make conditional calls to our contact endpoints checking if the requested contact resource has not been modified since the time specified in this field.
To query this through our request headers, pass it like so: If-Modified-Since: Fri, 21 Mar 2020 02:51:32 GMT
If the contact resource hasn't been modified based on the request made, 304 Not Modified with an empty body is returned. If the resource has been modified, a 200 success code along with the resource is returned.
Note: conditional calls are only valid for an individual contact resource, with the date in HTTP-date format.
Each company file in MYOB AccountRight has the ability to carry a username and password to authenticate the file users. When accessing the company file via the API (regardless of desktop or online) you must pass the Username and Password for the company file as a Base64-encoded string - this is known as Basic Authentication. Many languages have a function called Base64Encode(Username:Password).
Note: you must put a : between the username and password.
The desktop accepts the company file (cf) credentials in base64 encoding in either the basic Authorization header or a custom x-myobapi-cftoken header.
The cloud requires three elements in the header: the Authorization header carrying the OAuth token, the x-myobapi-cftoken header taking the company file credentials in base64 encoding, and the x-myobapi-key header taking the developer key.
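The header sets described above, as an added Python example (not MYOB's own code): it builds the desktop and cloud headers, shows that the company file token decodes straight back to the credentials, and masks the credential headers before logging. The function names and sample values are constructed for illustration.

```python
import base64

# Headers whose values are credentials and must never reach a log file.
SENSITIVE = {"authorization", "x-myobapi-cftoken", "x-myobapi-key"}


def cf_token(username, password=""):
    """Base64Encode(username:password) for the company file credentials."""
    if ":" in username:
        # The first ':' is the separator, so a colon in the username would
        # be read back as the start of the password.
        raise ValueError("username must not contain ':'")
    return base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")


def decode_cf_token(token):
    """What anyone who captures the header can do: Base64 is not encryption."""
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def build_headers(username, password="", dev_key=None, access_token=None):
    """Desktop: cftoken (+ optional key). Cloud: OAuth token, key and cftoken."""
    headers = {
        "x-myobapi-cftoken": cf_token(username, password),
        "x-myobapi-version": "v2",
    }
    if dev_key:
        headers["x-myobapi-key"] = dev_key
    if access_token:  # cloud call
        if not dev_key:
            raise ValueError("cloud calls also need the developer key")
        headers["Authorization"] = f"Bearer {access_token}"
        headers["Accept-Encoding"] = "gzip,deflate"
    return headers


def redact(headers):
    """Copy of the headers with credential values masked, for logging."""
    return {name: "[REDACTED]" if name.lower() in SENSITIVE else value
            for name, value in headers.items()}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    cloud = build_headers("Administrator", "", "SAMPLE_DEV_KEY", "SAMPLE_TOKEN")
    print(redact(cloud))
    print(decode_cf_token(cloud["x-myobapi-cftoken"]))
```

Because the token is only encoded, send these headers over TLS only and log the redacted copy rather than the originals.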
Need a little more help with Authentication? Check out some of these handy online resources.