Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > API Authentication >

403 Forbidden when loading X509Certificate2 from a file

Started by Phil Bernie -   in API Authentication

We're trying to get our application to work with the Partner Authorisation process however we're having a few issues.

We are currently hosting our application on appharbor and as such, we can't install the client certificates on the server so we need to read them from a file, similar to the console application in the Xero Sample application.

I've modified the PartnerApplicationRunner class to user our consumer key and certificates but I get an error every time I try and call GetRequestToken()

I've modified the PartnerApplicationRunner to look like this:

private const string UserAgent = "USER_AGENT";
private const string ConsumerKey = "OUR_CONSUMER_KEY";

//This is the public certificate I uploaded in our application
private static readonly X509Certificate2 OAuthCertificate = new X509Certificate2(@"C:\Certs\certfile.pfx");

//This is the certificate I downloaded from the entrust site via firefox
private static readonly X509Certificate2 ClientSslCertificate = new X509Certificate2(@"C:\Certs\XeroEntrustCert.p12", "password");

Then, in the CreateRepository() method, I can create a new XeroApiPartnerSession without issue, but then when I try and call:

IToken requestToken = consumerSession.GetRequestToken();

It always throws a 403 forbidden exception.

Some other notes:

- I can see that the consumerSession.ConsumerContext has populated both the Key and PrivateKey values correctly

- When I step through and check the ICertificateFactory I can see that it's returning the XeroEntrust certificate

- If I step through to the DefaultConsumerRequestRunner and inspect the webRequest I can see that the ClientCertificates collection has the XeroEntrust certificate in there.

As far as I can tell, everything is being populated properly but I still seem to be getting a 403 forbidden every time I try and make a request.

Any information on why this is happening or what I might be able to try to rectify this problem would be greatly appreciated.
Official Xero Reply
Xero will begin to deprecate Entrust Certificates for Xero Partner Apps in 2017


Sidney Maestre (Community Manager)