0

I am having problems correctly installing the OAuth certificate required for Xero partner integration on IIS 7.5 on Windows Server 2008 R2. There used to be guidance from Xero on this at http://developer.xero.com/documentation/advanced-docs/using-partner-applications-with-iis/ but the page just 404s now.

I've installed the certificate to the Trusted Root Certifications Store as per the prior Xero advice, and my code can retrieve the certificate (using its serial number); but when I try to access the private key, I get a CryptographicException: Keyset does not exist error, which other SO posts suggest is a permissions error (my application runs under a dedicated service account), but all those posts assume the certificate is installed in the personal certificate store - the TRC store does not give me the option of granting permissions to the service accounts or any other account.

David Keaveny
  • 3,904
  • 2
  • 38
  • 52

1 Answers1

2

I think that page used to give information about installing an Entrust client certificate as partner applications in the past needed to use one. You don't need to use a client certificate these days and partners should instead direct their traffic to "https://api.xero.com" instead of "https://api-partner.network.xero.com".

You also don't need to install your oAuth certificate as that certificate is used only for signing your requests.

MJMortimer
  • 865
  • 5
  • 10
  • The trouble is that I am currently limited to using the deprecated XeroAPI.NET library (https://github.com/XeroAPI/XeroAPI.Net); the guidance from Xero is that just removing the Entrust certificates from the request and updating the URL should be enough, but I'm still getting the above exception. – David Keaveny Oct 04 '17 at 00:58
  • These changes were what I had to make to get a partner app running against the "api.xero.com" site for the example console app https://github.com/XeroAPI/XeroAPI.Net/compare/master...partner_changes_console_app . Your changes with need to be something similar I would assume – MJMortimer Oct 04 '17 at 02:02
  • Yes, that looks about what I ended up doing too. – David Keaveny Oct 04 '17 at 12:06