Xero error: 403 forbidden when POST'ing an Invoice

Question

I'm setting up API calls to test retrieving and creating Invoices to and from Xero. I've set up the oAuth2 and I can retrieve from the Demo Co with no errors.

However, when trying a POST with the same credentials and authentication, I get:

{
    "Type": null,
    "Title": "Forbidden",
    "Status": 403,
    "Detail": "AuthenticationUnsuccessful",
    "Instance": "f60c6b6e-7f3d-4941-9a8e-654495d3e07b",
    "Extensions": {}
}

What have I done wrong? Thank you

Yes. My scopes are set to: accounting.transactions offline_access — Brett Harris, Sep 01 '20 at 10:32

score 2 · Answer 1 · answered Aug 31 '20 at 18:44

2

I'd recommend ensuring the access_token you are passing to that API call has the required scopes: https://developer.xero.com/documentation/oauth2/scopes - to POST an invoice you will need the scope accounting.transactions - to quickly check the actual scopes on a token you can decode your JWT (aka access_token) using some decryption libraries, or use the site https://jwt.io/ at your discretion.

answered Aug 31 '20 at 18:44

SerKnight

2,502
1
16
18

Thank you. Yes, My scopes are set to: accounting.transactions offline_access – Brett Harris Sep 01 '20 at 10:33
1

Cool looks like you got it sorted. Have to make sure you are passing the `xero-tenant-id` to every api call to a protected resource. – SerKnight Sep 02 '20 at 18:50

score 2 · Answer 2 · answered Sep 01 '20 at 12:08

2

Thank you for your responses. I hadn't realised that the {{xero-tenant Id}} had not been added to the Headers in POST Invoices in Postman.

Manually adding that in fixed the bug

answered Sep 01 '20 at 12:08

Brett Harris

31
3

Xero error: 403 forbidden when POST'ing an Invoice

2 Answers2