Search code examples
xero-apixero

Get access token for Xero with API calls


I created account without verification via auth app on a phone, because with that I wont be able to automate it. So first I followed this instruction here

What I did is:

Step 1: Generated link just like described in step 1, so when I do all I should in return get code and state (parsing it from url), so in response let say I got

state=123456
code=vcciFJW_bFTjodGQnNUk7BIr-EoSBQSktn-cNUGdDjY

Step 2: With using restassured, I call POST https://identity.xero.com/connect/token URI to get access token. So my request look like:

Request method: POST
Request URI:    https://identity.xero.com/connect/token
Proxy:          <none>
Request params: <none>
Query params:   <none>
Form params:    <none>
Path params:    <none>
Headers:        Authorization=Basic <here my generated base54 encoded data>
                Accept=*/*
                Content-Type=application/x-www-form-urlencoded; charset=ISO-8859-1
Cookies:        <none>
Multiparts:     <none>
Body:
{
  "grant_type" : "authorization_code",
  "redirect_uri" : "https://developer.xero.com/",
  "code" : "vcciFJW_bFTjodGQnNUk7BIr-EoSBQSktn-cNUGdDjY"
}

Which return to me

400
{"error":"unsupported_grant_type"}

Any particular reason for that ? Why would I need to do that is basically we have postman collection to fill data for testing, but we'd like to create a job for that instead without having collections in postman and running it manually.

UPDATED (after some changes due to error with request I made):


    Request method: POST
    Request URI:    https://identity.xero.com/connect/token
    Proxy:          <none>
    Request params: <none>
    Query params:   <none>
    Form params:    grant_type=authorization_code
                    code=3_Lli3YQYPyFlf_RoZJGRVE5iPGCeo-H9ta9htdr8ec
                    redirect_uri=https://developer.xero.com/
    Path params:    <none>
    Headers:        Authorization=Basic <base64 encoded string>
                    Accept=*/*
                    Content-Type=application/x-www-form-urlencoded; charset=ISO-8859-1
    Cookies:        <none>
    Multiparts:     <none>
    Body:           <none>
    400
    {"error":"unauthorized_client"}

Problem solved, issue was with redirect_uri, I used uri without / at the end when logging and use uri with / when call token endpoint. In Troubleshooting page written that URLs must be equal


Solution

  • Problem solved, issue was with redirect_uri, I used uri without / at the end when logging and use uri with / when call token endpoint. In Troubleshooting page written that URLs must be equal