1

Working with Xero API

Authorization callback returns org, which should correspond Organisation's ShortCode for which Xero user allowed access.

In callback org value is BFtWATeLda24OXh2Yv-FLG but Organisation's ShortCode is !hvw0y, which obviously does not match.

Other possible field that could be matched

  • OrganisationId - 29e0fd2c-15da-409e-8462-1ac28b9f8f55 no match
  • ApiKey - QIBVL4B2BBDNE5WBADGFHZEQYR6SXM no match

I wonder how can i link value org callback parameter to Organisation in Xero.

Using Xero API .NET Core client

tchelidze
  • 8,050
  • 1
  • 29
  • 49

1 Answers1

1

Is it named the org_muid? If so, that value returned in the oauth call is actually a one way mapping of the OrganisationID. It's a legacy property from before the OrganisationID was returned from the organisation endpoint that is still returned as the removal of it could cause breaking changes for those who use it as the identifier in their token databases.

MJMortimer
  • 865
  • 5
  • 10
  • no, not `org_muid`. 3 parameters are returned into a callback, `org`, `oauth_token` and `oauth_verifier` – tchelidze Dec 05 '17 at 20:51
  • I've taken a look now and have confirmed that the value returned in the oauth callback for the org parameter is the same as the org_muid value returned when receiving an access token (swapping the authorised request token for an access token) – MJMortimer Dec 06 '17 at 01:59
  • do you know how can i get organisation details based on `org_muid` ? – tchelidze Dec 06 '17 at 11:50
  • You can't unfortunately. As I said, it's a legacy property returned only on those oauth requests. I assume they have been used by developers in the past as a way to identify a request token in a data store that has been swapped for an access token (so that the request token can be removed) but that's also just speculation – MJMortimer Dec 06 '17 at 20:48
  • very bad. then how can i know for which organisation i have gained access, if user has multiple organisations ? – tchelidze Dec 06 '17 at 21:12
  • 1
    Make a request against the [Organisation endpoint](https://developer.xero.com/documentation/api/organisation) using the access token you just received. The access token gives you access to only the organisation the user authorised. – MJMortimer Dec 06 '17 at 21:50