I'm using Postman to test my integration, before putting it in my code, to get the list of NZ payroll employees and perform actions.

I have all the necessary scopes:

openid profile email offline_access assets.read files.read payroll.employees.read payroll.payruns.read payroll.payslip.read payroll.timesheets.read

I get the bearer token and am using that in the API https://api.xero.com/api.xro/2.0/employees

However, after the first few tries, when I got a 200 that didn't actually return any employees (my Demo company has employees, I can see them in the UI), I started getting a 401 after 5 tries:

{
    "Type": null,
    "Title": "Unauthorized",
    "Status": 401,
    "Detail": "AuthorizationUnsuccessful",
    "Instance": "9e7b7d3e-5663-4c1e-8c7e-604674b3eb7f",
    "Extensions": {}
}

I have looked at jwt.io and I can clearly see that the scope exists.

Can you guys help me? I can clearly see I'm using the correct xero-tenant-id and bearer token, yet unable to move ahead.

Pavanraotk

1 Answer

The error related to the instance id you quote is:

[UNAUTHORISED] No scope match. Scopes on JWT: "["email","profile","openid","payroll.employees.read","payroll.payruns.read","payroll.payslip.read","payroll.timesheets.read","files.read","assets.read","offline_access"]" Required scopes: "accounting.settings accounting.settings.read"

It looks like you are using the accounting API employees endpoint instead of the NZ payroll API. The endpoint you are using is for the deprecated payrun function that predates the current Xero payroll.

Please can you use https://api.xero.com/payroll.xro/2.0/employees

Here is a link to the documentation: https://developer.xero.com/documentation/api/payrollnz/overview/#urls

sallyhornet
  • Sorry, whenever I hit https://api.xero.com/api.xro/2.0/employees --> I'm getting 401, hence it's not in the history. I tested out invoices just to see if my scope for invoice is good, that works. I was using the documentation above – Pavanraotk Jun 22 '23 at 09:05
  • Actually realized the URL is different, when I use the URL you gave, I get a 403 forbidden. – Pavanraotk Jun 22 '23 at 09:10
  • I'm following the Postman collection here: https://developer.xero.com/documentation/sdks-and-tools/tools/postman/. I am using this to generate the token (Get Started), pasting the scopes as mentioned. – Pavanraotk Jun 22 '23 at 09:11
  • The new instance Id in response is `0ecc6640-b6c2-4572-be10-8d1db061d422` where I get 403. – Pavanraotk Jun 22 '23 at 09:14
  • The error for the latest id is No active connection found for UserId: xxxxxxxxx, ClientId: xxxxxxxx, TenantId: xxxxxxx (I have replaced the actual values with x for security reasons). It looks as though the tenant id is incorrect in your call. As you are using the demo company it may be that the demo reset and this regenerates a tenant id. Please can you make a GET connections call in Postman before you make the call to ensure that you use the correct tenant id – sallyhornet Jun 23 '23 at 14:37
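
An added example (not part of the original thread, and not Xero's code): a pre-flight check that predicts both failures discussed above, the 401 from a scope mismatch and the 403 from a tenant id that is missing from the GET connections response. The payroll scope rule, the "any one scope is enough" reading of the error text, the `tenantId` field name, and the sample token and tenant ids are assumptions or constructed values.

```python
import base64
import json
from urllib.parse import urlparse

# Endpoint path -> scopes; holding any one is treated as enough (assumption).
# Accounting entry: from the error text quoted in the answer.
# Payroll entry: assumed from the scopes the question requested.
REQUIRED_SCOPES = {
    "/api.xro/2.0/employees": {"accounting.settings", "accounting.settings.read"},
    "/payroll.xro/2.0/employees": {"payroll.employees", "payroll.employees.read"},
}

def jwt_scopes(token):
    """Return the scopes in a JWT payload. No signature check: debugging only."""
    payload_b64 = token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    scope = claims.get("scope", [])
    return set(scope.split() if isinstance(scope, str) else scope)

def preflight(url, token, tenant_id, connections):
    """List the 401/403 causes from this thread that the request would hit."""
    problems = []
    required = REQUIRED_SCOPES.get(urlparse(url).path.rstrip("/"))
    if required is None:
        problems.append("unknown endpoint: no scope rule for " + url)
    elif not required & jwt_scopes(token):
        problems.append("401 expected: token has none of " + " ".join(sorted(required)))
    if tenant_id not in {c["tenantId"] for c in connections}:
        problems.append("403 expected: tenant id is not in the GET connections response")
    return problems

def make_token(scopes):
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc({"scope": scopes}), "sig"])

# Constructed sample data: scopes from the question, made-up tenant ids.
TOKEN = make_token(["openid", "profile", "email", "offline_access", "assets.read",
                    "files.read", "payroll.employees.read", "payroll.payruns.read",
                    "payroll.payslip.read", "payroll.timesheets.read"])
CONNECTIONS = [{"tenantId": "11111111-aaaa-4bbb-8ccc-000000000001", "tenantType": "ORGANISATION"}]
STALE_TENANT = "11111111-aaaa-4bbb-8ccc-00000000dead"

if __name__ == "__main__":
    for url in ("https://api.xero.com/api.xro/2.0/employees",
                "https://api.xero.com/payroll.xro/2.0/employees"):
        print(url, preflight(url, TOKEN, STALE_TENANT, CONNECTIONS))
```

In real use, pass the bearer token from the token response and the parsed JSON body of a fresh GET connections call instead of the constructed values.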