Windows Mobile app
AccountRight Live API
To demonstrate how to handle the authorisation process i.e. handling the process where a user allows your application to access their MYOB Company File data hosted "in the cloud".
Before running this application on a device or emulator it is necessary to register an application (use
http://desktop as the Redirect Url) and then amend the supplied
client_secret in the Configuration.cs file.
It is assumed the developer examining this code is familiar with .NET development on the windows phone platform, however the ideas tested here can be easily transferred to other platforms.
This is not a full application and may require extra error handling to make it production ready; contributions from the community will be accepted.
First it is necessary to get the user to grant your application access to their data, this process eventually leads you to a stage where you will have a OAuth token that can be used to access the AccountRight Live API (see Getting Started Documentation).
The sample application uses a hosted browser to extract a code from the returned HTML once the user has granted your application access to their data (see
OAuthLogin_Navigated in MainPage.xaml.cs.)
Once you have a code it it necessary to use that
code to fetch an OAuth token that you can use to make requests to the users company files.
This is done by making a request to
https://secure.myob.com/oauth2/v1/authorize as detailed in the Authentication documentation (see OAuthRequestHandler.)
Now that we are in possesion of an
OAuth Token we can use this token to make requests against the AccountRight Live API. The token is used in the Authorization header (see ApiRequestHandler) along with other headers such as
x-myobapi-cftoken to access the api.
We recommend that when accessing the API that you attempt to use compression in your requests to improve performance and to reduce the data delivered to your clients; this is especially important on mobile devices where bandwidth and data download limits apply. Use the header Accept-Encoding set to gzip in your requests and check for the header
Content-Encoding set to gzip in the response.