API Authentication

403: Forbidden - Authentication Unsuccessful

Started by Hayley Edwards in API Authentication

I'm trying to access the Employees API via Apps Script; however, I keep receiving a 403 Forbidden response to the code in the GitHub link. I'm currently trying to exchange the authorisation code for the access token but it's not working. Any suggestions why?

Hi Hayley,

I've taken a look at your script and can see some changes you'll need to make.

From what I can see in our internal logs, your requests are reaching our gateway and then being rejected for auth reasons. The main reason is that no TenantId is being supplied correctly.

In this block where your service has access and you're trying to make the request to the employees endpoint, you'll want to remove the Xero-Correlation-Id header and instead pass the TenantId in as the Xero-Tenant-Id header, essentially like your apiCall function does.


Matthew Mortimer (Xero Staff)  
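
The header fix described in the reply above, as an added example that is not part of the original thread or Xero's own code: a pre-flight check that reports why a request would be rejected before it is sent. The function names and the injected `fetchJson` helper are hypothetical; the tenant list is assumed to come from Xero's OAuth 2.0 connections endpoint at `https://api.xero.com/connections`.

```javascript
// Added example: names are hypothetical, token and tenant values are constructed.
const CONNECTIONS_URL = "https://api.xero.com/connections";

// HTTP header names are case-insensitive, so look them up that way.
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : headers[key];
}

// List the tenant IDs the access token is connected to.
// fetchJson(url, headers) must return the parsed JSON body. In Apps Script:
//   (url, headers) => JSON.parse(UrlFetchApp.fetch(url, { headers }).getContentText())
function authorisedTenants(accessToken, fetchJson) {
  const connections = fetchJson(CONNECTIONS_URL, {
    Authorization: "Bearer " + accessToken,
    Accept: "application/json",
  });
  return connections.map((c) => c.tenantId);
}

// Headers for an API call: bearer token plus the tenant the call targets.
function buildHeaders(accessToken, tenantId) {
  return {
    Authorization: "Bearer " + accessToken,
    "Xero-Tenant-Id": tenantId,
    Accept: "application/json",
  };
}

// Return every auth problem found in a set of request headers (empty = OK).
function authProblems(headers, tenantIds) {
  const problems = [];
  const auth = getHeader(headers, "Authorization");
  if (!auth || !/^Bearer \S+$/.test(auth)) {
    problems.push("missing or malformed Bearer token");
  }
  const tenant = getHeader(headers, "Xero-Tenant-Id");
  if (!tenant) {
    problems.push("no Xero-Tenant-Id header");
  } else if (!tenantIds.includes(tenant)) {
    problems.push("tenant not authorised for this token");
  }
  return problems;
}
```

Running `authProblems` on the headers just before the request surfaces a missing tenant header locally instead of as a 403 from the gateway.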

Hi Matt,

Thanks for your quick response!

I've updated the Tenant ID with the correct code. Is there anything else I need to change in order to be granted authorisation?

Do I need to create a public / private key pair for this application?



Hayley Edwards