The MYOB Transactions API can only be used with MYOB Business company files. Please note, the authentication flow for these endpoints is different from that of the MYOB Business API, as the usage of these endpoints is restricted to development partners listed as trusted Bank Feed providers.
Upon the completion of the registration process, you will receive a client id and password. Each client id is unique and is the identifier of your institution. These details should be stored securely and never be shared.
The client credentials are used for exchanging an access token from id.myob.com/oauth/token. These access tokens need to be present in the header of each request to our Transactions API, as we use it to identify the institution. Any request without these token will be refused access.
A POST request to https://id.myob.com/oauth/token returns you an access token for accessing the Transactions API.
The following parameters are required in the POST request:
Request header
Request body
Request example
curl --location --request POST 'https://id.myob.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'audience=transaction-api' \
--data-urlencode 'grant_type=client_credentials'
--data-urlencode 'client_id={client_id}'
--data-urlencode 'client_secret={client_secret}'
Once you have your tokens, you can make any call to the API by simply passing the following header along with any call to Transaction API.
'Authorization: Bearer [ACCESS TOKEN]'
Token response example
{
"access_token": "ey[TRUNCATED_FOR_READABILITY]mu",
"token_type": "bearer",
"expires_in": "1200",
"expires_on": "1683454045",
"issued_at": "1683450445",
"resource": "transaction-api",
"scope": "tapi.onboarding tapi.transactions"
}