I have only been having this issue in the past few days, and only when getting an Item. I can get contacts and get branding themes. Therefore, the tenant ID and the access token are working.

This is the endpoint when I'm getting an item:

https://api.xero.com/api.xro/2.0/Items/SHO B 100 S

Response:

{
    "Type": null,
    "Title": "Forbidden",
    "Status": 403,
    "Detail": "AuthenticationUnsuccessful",
    "Instance": "94aa22f4-6ba1-43f6-8f76-699befb1b1f3",
    "Extensions": {}
}

And this is the scope:

offline_access accounting.transactions openid profile email accounting.contacts accounting.settings

I am not sure what has changed, but everything is working except getting an item. Please tell me how I can fix this and what causes the issue. Thank you so much in advance.

Jen143
  • Looking at that endpoint, you appear to have spaces towards the end which should surely not be there? If there are spaces in the item code, does it work any differently if you URL-encode it? Though I wouldn't have expected a 403 if that was the case. – droopsnoot Jan 14 '21 at 09:21
  • What is the role of the user you are using? Getting items is limited to particular user roles, e.g. adviser, standard, subscriber – TResponse Jun 29 '22 at 20:11

1 Answer

Couple of things you can confirm to debug this.

  1. You have a valid, refreshed access_token (Can you make API calls to any other endpoints? Is the JWT's "exp" > than the current time?)
  2. Did you add the scope after you generated the initial token? (To test, completely clobber the token set, and re-generate a new one going through the OAuth2 flow)
  3. The query looks correct. The screenshots are from when I query an item with a code that exists and one that doesn't. You should get a 404 if not found, not a 401, so I def think it's something in #1 or #1

SerKnight
  • Yes, the refresh token is correct, as I can get an access token from it, and as I said above I can query Contacts and Branding Theme using the same access token. Only getting an item has this error. – Jen143 Jan 14 '21 at 01:00
  • I'd encourage you to delete the token entirely and regenerate the OAuth2 flow ensuring you have the items scopes https://developer.xero.com/documentation/oauth2/scopes – SerKnight Jan 15 '21 at 16:10
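
The checks suggested in the answer and in the first comment on the question, as an added example that is not part of the original posts: it reads the access token's claims to compare "exp" with the current time and list the granted scopes, and URL-encodes the item code. It assumes the access token is a compact JWT whose payload carries `exp` and a `scope` claim; the function names and the sample token are constructed for illustration.

```python
import base64
import json
import time
from urllib.parse import quote

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (debugging aid only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(token, required_scope, now=None):
    """Report whether the token is expired and whether it carries required_scope."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    scopes = claims.get("scope", [])  # assumption: list or space-separated string
    if isinstance(scopes, str):
        scopes = scopes.split()
    return {
        "expired": claims.get("exp", 0) <= now,
        "has_scope": required_scope in scopes,
        "scopes": sorted(scopes),
    }

def item_url(code):
    """Build the Items URL with the item code percent-encoded (spaces become %20)."""
    return "https://api.xero.com/api.xro/2.0/Items/" + quote(code, safe="")

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token (unsigned), carrying the scopes listed in the question.
SAMPLE_CLAIMS = {
    "exp": 1610586000,
    "scope": "offline_access accounting.transactions openid profile email "
             "accounting.contacts accounting.settings".split(),
}
SAMPLE_TOKEN = f"{_b64({'alg': 'none'})}.{_b64(SAMPLE_CLAIMS)}.constructed-signature"

if __name__ == "__main__":
    # Pass whichever scope the Xero scopes page lists for the endpoint being called.
    print(diagnose(SAMPLE_TOKEN, "accounting.settings"))
    print(item_url("SHO B 100 S"))
```

A scope that is missing from the decoded claims means the token was issued before the scope was added, which is the case the answer's second step tests by regenerating the token set.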