Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > API Authentication >

401 at ExchangeRequestTokenForAccessToken

Started by Byron Walker -   in API Authentication

Im writing a test to check out the authentication mechanism. Here is the code..

public class XeroServiceTests : MockTest
public void can_authorise()
var session = new XeroApi.OAuth.XeroApiPublicSession("<My App>", "<My Key>", "<My Secret>");
var requestToken = session.GetRequestToken();
var accessToken = session.ExchangeRequestTokenForAccessToken(requestToken, requestToken.Verifier);


I receive the following error at the call to ExchangeRequestTokenForAccessToken.

The consumer was denied access to this resource.
----> System.Net.WebException : The remote server returned an error: (401) Unauthorized.

Can someone explain what Im missing or doing wrong?

@Byron, I think you've missed out a couple of steps between getting the request token and exchanging it for an access token. Between these two steps, the use must authorise the request token - by logging into Xero and selecting which organisation they wish to give access.

After getting the access token, you can generate a url that you should navigate the user towards:

string authorisationUrl = consumerSession.GetUserAuthorizationUrlForToken(requestToken);

In a ASP.Net environment, you can call "Response.Redirect(authorisationUrl)", in a Win Forms or console app, you can call "Process.Start(authorisationUrl)".

There's a good set of pages provided by Yahoo that explains how the authorization flow works: http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html


Dan Barratt (Xero Staff)