Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > Wrapper libraries >

New .Net wrapper, private app authentication

Started by Martin Steel -   in Wrapper libraries

I asked this a week ago to Xero API support (api@xero.com) as recommended on the developer website and eventually got a reply last night saying ask here - cheers for the speedy helpful response.

I’m trying to create an invoice in Xero using the new c# wrapper. I’m using the PrivateAuthenticator class from your the sample application with Consumer key & secret and a pfx key file.

Pfx file was generated using openssl following the instructions at http://developer.xero.com/documentation/advanced-docs/public-private-keypair/

When trying to make a request I get the following:
Xero.Api.Infrastructure.Exceptions.UnauthorizedException : oauth_problem=signature_invalid&oauth_problem_advice=Failed%20to%20validate%20signature

I’ve compared the consume key and secret and certificate thumbprint being used in the PrivateAuthenticator.GetSignature method and they match those setup up in the Xero Developer Centre. Is there any way to work out what’s causing the request to fail?

To rule out a problem with my code I've also cloned the Xero.API git repository added my key as a pfx file in place of the missing public_privatekey.pfx file and ran the CoreTests.Integration.Invoices.InvoicesTest.simple_create_works unit test. This fails with the same error. Again stepping in to the GetSignature method shows the consume key and secret and the certificate thumbprint match those on the Developer Centre.
I've also generated a new private key and cert using a different OpenSSL install (and uploaded this) and generated a new consumer key and secret. These still give the same error.

Martin Steel  

Try using the nuget package

Henzard Kruger  

There isn't a NuGet package (or at least there wasn't a couple of days ago). Only the old wrapper is available on NuGet and http://developer.xero.com/code-samples/libraries/using-the-xero-api-with-c/ recommends against using the old wrapper.

Martin Steel  

Hi Martin

Just ran the tests against live use entries like this.

<add key="BaseUrl" value="https://api.xero.com"/>
<add key="ConsumerKey" value="MyKey"/>
<add key="ConsumerSecret" value="MyToken"/>
<add key="SigningCertificate" value="resources\cert\public_privatekey.pfx"/>

I've just followed the same steps you outlined.

Richard Rowley (Xero Staff)  

That's exactly what I've done and as I said I've compared the consume key, consumer secret and certificate thumbprint in the PrivateAuthenticator.GetSignature method and they match those on the Xero developer centre. The values in the GetSignature method couldn't possibly match if they were configured incorrectly.

As I originally asked could you give me some ideas how to work out what's causing the error?

Martin Steel  

Just to dig in to this issue some more, I've used the same consumer key, consumer secret and certificate from a perl script and it works absolutely fine. It definitely looks like something to do with the .NET wrapper/sample code.

Martin Steel  

Sorry to hear you are having issues with this. This code has been working for many people for several months before we released it. Looks like there is a problem, but we have not been able to reproduce it here.

Good to hear that other methods are working for your key/token combination.

The signing code is done by the Dust library we are using. You could run his tests with your key/token/cert. You will need Fitnesse.

We had a pull request to fix an issue with the realm. You could try our latest code from this morning and see if that helps you.

Richard Rowley (Xero Staff)  


I'll happily send over my certificate and keys to you so you can troubleshoot the issue (using Perl isn't going to work for me it was just to check they were valid).

Martin Steel  

Hi Martin

we hope we have tracked the solution down. It was something in our signing. Thanks for the patience.

You can try the latest version. Here is an explaination,

Richard Rowley (Xero Staff)