OAUTH with PHP
Why OAuth?
The AccountRight Live API uses a couple of steps of authentication to ensure that people working with our customers company data files are trusted.
The steps are:
- First: as a developer you require an API KEY and SECRET
- Next: your app needs to allow the user to grant you permission to access their company files
- Next: you need to get an Access Token (and refresh token) from the MYOB OAUTH server
- Lastly: you use the token to request company files, which the user needs to log into individually
class.myob_oauth.php
We've created the base of a class we'll extend over time. This basic class will do all the heavy lifting for you and make it much quicker and simpler for you to get going.
Before using the class you will need to redirect the user to the MYOB my.myob login. Once they've logged in, they will be redirected to the URL you registered your KEY with, and a code will be supplied that you use for requesting an access token.
https://secure.myob.com/oauth2/account/authorize?client_id=[YOUR API KEY]&redirect_uri=[YOUR REDIRECT URI]&response_type=code&scope=CompanyFile
Note: the redirect uri MUST match the url you supplied when you registered
To use simply, include the class, create the object and call the apropriate functions.
include_once('includes/class.myob_oauth.php');
$oauth = new myob_api_oauth();
$oauth_tokens = $oauth->getAccessToken($api_key, $api_secret, $redirect_url, $api_access_code, $api_scope);
Suggestions
We would love it if someone would help us round our our class.myob_oauth.php right now it's been quickly put together to get you up and running, it's missing most of the normal error checking, and is pretty primiative.
Do you know how to write a really robust OAUTH interface class? Feel free to fork this project and add to it.