Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > API Authentication >

Python, private application signature fail

Started by Jules Stevenson -   in API Authentication

Hi All,

We're trying to hook up our internal windows, Python based internal invoicing system to xero as a private application. I've been attempting to use the python api example to communicate with the xero api but am coming up against:

"oauth_problem=signature_invalid&oauth_problem_advice=Failed to validate signature"

what I've read online regarding this issue gets pretty heavy and I'm unsure if this is due to Python, or the openSSL generation (although that's pretty much copy and paste from the website), my knowledge of web programming is ok, but I'm far from an expert in this field (sorry).

The code I'm using is a simplified version of the python api example (please check the pastebin link below):

http://pastebin.com/Ss5D8aqy


The call for the request is as follows:


[code]

xml = """<Invoice>
<Type>ACCREC</Type>
<Contact>
<Name>ABC Limited</Name>
</Contact>
</Invoice>"""
xml = urllib.quote(xml.encode('utf8'))
xero = arkInvTools.XeroPrivateClient("###################################", "#################################","C:/ark/privatekey.pem")
response, content = xero.request("https://api.xero.com/api.xro/2.0/Invoices", method="POST", body=xml, headers={"Content-Type":"application/x-www-form-urlencoded; charset=utf-8"})
print response, content

[/code]

Where the first two arguments of the request call are the key and secret to our application set-up on our demo company. The third argument is the private key generated using windows openSSL (64bit) as per the instructions on the xero website. The public key has already been uploaded to the application. Am I correct in thinking that the pfx file is not required for this process?

There is a good chance that I'm misunderstanding something vital with how to use the generated certificates, but any information would be gratefully received.

Many thanks,

Jules
As a small update, xero support have checked out the certificate files and seem to think they are ok. As far as I can see, the python code above looks ok. I'm wondering if the compile I made of m2cyrpto is possibly the culprit (amd64 2.6), but it throws no errors.

Any further information gratefully received.
 

Jules Stevenson  

And another update, I have just tested a 32 bit pre-compiled version of m2crypto with the corresponding openssl dlls on a xp32 bit machine. It still gives me the same problem, leaning me towards ruling out any issues with m2crypto.
This would suggest that there's something wrong with my code, or the client signature method. Is anyone else using the python wrapper to successfully authenticate a private application?
 

Jules Stevenson  

I finally resolved the issue, as with most things, it was a very foolish mistake. After trawling through oath2 and with some very valuable help from Wayne Robinson, I realised that it was simply down to the xml I was passing in. I was missing 'xml=' from the beginning of the call.

ie.

xml = """<?xml version="1.0" encoding="UTF-8"?><Invoice>...

rather than:

xml = """xml=<?xml version="1.0" encoding="UTF-8"?><Invoice>...

Hopefully this will help anyone else making a similar stupid mistake...

It's also worth pointing out that: oauth2.httplib2.debuglevel = 1, is very helpful :).

Cheers, Jules
 

Jules Stevenson  

Thanks for sticking with it Jules, glad you got there.
If you think you have any code that might be of use to anyone, maybe you can drop a line to api@xero.com and we will see if we can put it in our code samples page?
 

Ronan Quirke (Community Manager)