Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > Getting Started >

Passing customer key in c# WPF application

Started by Andrew Gilmore -   in Getting Started

Hi,

Am trying to connect to Xero API from within our WPF c# application, but I'm getting an invalid Key message back. Your support desk have verified the key is valid, so assuming it's a problem with how I'm passing within my code.

In common with other integrations I am trying to connect via a HttpClient() request as per code snippet below. Can you see anything wrong with this approach or Syntax I am using? If I need to use another methodology please point me in the direction of a C# WPF example.

using (var client = new HttpClient())
{
try
{
var baseUrl = "http://api.xero.com/api.xro/2.0";
var key = "VALIDKEY";
var secret = "VALIDSECRET";
client.DefaultRequestHeaders.Add("ConsumerKey", key);
client.DefaultRequestHeaders.Add("ConsumerSecret", secret);
client.BaseAddress = new Uri(baseUrl);
client.DefaultRequestHeaders.Accept.Clear();

client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/xml"));

var result = client.PostAsXmlAsync(url, xeroAccount).Result;
if (result.StatusCode.ToString() == "OK")
{........

Many thanks!

Andrew

Hi Andrew,

Your base url should be https. Could you try changing that and see if it gets you any further?

Thanks,

Russell
 

Russell Dear (Xero Staff)  

HI Russell,

Thanks for coming back to me. I tried changing to https (I had tried this before also), but either way I get same response I'm afraid:

auth_problem=consumer_key_unknown
auth_problem_advice=Consumer key was not recognised

Any further ideas / suggestions?

Thanks

Andrew
 

Andrew Gilmore  

Hi Andrew,

It looks like you might just be adding your consumer key and secret as headers into your request to the API. The API uses the OAuth v1.0a specification for its authentication, so there are a couple more steps that need to be followed.

If you're creating a private application, follow the steps here: https://developer.xero.com/documentation/auth-and-limits/private-applications

For a public application, go here: https://developer.xero.com/documentation/auth-and-limits/public-applications

We strongly recommend using one of our SDKs to interact with the API - it'll save you having to worry about auth details. Have a look here for details: https://developer.xero.com/documentation/libraries/using-the-xero-api-with-c

Hope that helps,

Russell
 

Russell Dear (Xero Staff)  

Hi Russell,

It's taken a while, but I've now swung back round to this and installed and am using your SDK as recommended, which all seems to have installed OK.

I have installed the publickey.cer file and successfully linked it to my Private APP Events500 and can view the all information regarding the App Credentials & Public Key Certificate on the registered Events500 app in my XERO Developer account.

However, can you point me in the direction to complete the final bit of authentication required and what it is that is EXACTLY required as a minimum as I think you are supporting different methodologies, but I just need the most basic that works!
I have tried numerous variations on the code below, but could you either let me know where am I going wrong or point me DIRECTLY at a relevant c# example with all authentication code working. PLEASE, PLEASE do not just point me back to:
https://github.com/XeroAPI/Xero-Net or similar as I have spent hours now trying to find anything relevant from here!




 

Andrew Gilmore  

Based on your character limit I am having to split my post, so code and error messages are broken out below
 

Andrew Gilmore  

Authentication code:
PrivateAuthenticator xeroAuthenticator = new PrivateAuthenticator("C:\OpenSSL\bin\publickey.cer", "XXXXX");
public PrivateAuthenticator(string certificatePath, string certificatePassword)
{
_certificate = new X509Certificate2();
_certificate.Import(certificatePath, certificatePassword, X509KeyStorageFlags.MachineKeySet);
}
 

Andrew Gilmore  

Calling the app:
var private_app_api = new Xero.Api.Core.XeroCoreApi("https://api.xero.com/api.xro/2.0/", xeroAuthenticator,
new Consumer("XXXXX", XXXXX"), null,
new DefaultMapper(), new DefaultMapper());
private_app_api.Create(XeroInvoice);
 

Andrew Gilmore  

The error being returned each time is:

Value cannot be null.
Parameter name: key
Stack Trace : at System.Security.Cryptography.RSAPKCS1SignatureFormatter..ctor(AsymmetricAlgorithm key) …..

Should I be supplying my ConsumerKey when I request the certificate file? If so I don't see an option to supply a parameter for this?
Secondly I am not passing a user name and am struggling to work out how to do this, again could you please provide code example of how to do this.

I am comfortable that the XeroInvoice object I am trying to pass is valid as I can view the Invoice XML in Fiddler and all fields / data look good to me.
 

Andrew Gilmore  

Hi Andrew,

The path you supply when you instantiate the PrivateAuthenticator object should be your public/private key ('public_privatekey.pfx' if you've used the commands on https://developer.xero.com/documentation/api-guides/create-publicprivate-key ). It looks like you might just be supplying your public key, based on the above code.

Thanks,

Russell
 

Russell Dear (Xero Staff)  

Hi Russell,

Thanks for your help. Yes that seems to be getting us further. I am now getting the error: "The organisation for this access token is not active".

I am trying to post the Demo company, but is this issue down to my trial account for Xero expiring? I only have an account for development purposes for my client (Asia House in London), so how can I renew this without having to purchase a full license?

Secondly per earlier question, do I need / how do I specify an IUser within my post?

Thanks again, looks like we are getting there!

Andrew
 

Andrew Gilmore  

Hi Andrew,

You can create as many trial organisations as you like - you'll need to go to https://my.xero.com/ to create one, and then create a new private app for that organisation, and then copy the new consumer key & secret over to your application's config file.

Requests via the API are made in the context of the authorised application, rather than a user, so you don't need to pass a user with your request.

Thanks,

Russell
 

Russell Dear (Xero Staff)