Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > API Authentication >

Set oauth_callback Failed when calling RequestToken

Started by Sandra Eastman -   in API Authentication

Hi All

I'm trying to integrate Xero with our product. I managed to call https://api.xero.com/oauth/RequestToken endpoint and get the token back successfully without the oauth_callback set.

When I tried to add the callback url in my request, I received error: oauth_problem=signature_invalid&oauth_problem_advice=Failed%20to%20validate%20signature. I checked the OAuth 1.0a Callback Domain in my Public App config page is setup already.

The signature string I used is as below, if I remove the oauth_callback from oauth_parameters, I could get oauth_token back with no isssue.

const oauth_parameters = oauth_callback + oauth_consumer_key + oauth_nonce + oauth_signature_method + oauth_timestamp + oauth_version;
const signatureBaseString = method + "&" + encodeURIComponent(BaseURL) + "&" + encodeURIComponent(oauth_parameters);
Can someone advice how should I sign the request with oauth_callback set?
Hi Sandra,

I am unsure how you are experimenting with the Xero integration.

We have found that it is easier to get clarity about the process to get an oAuth session established by doing it first through Postman. This enables you to set all the parameters, call the end points and see the raw responses come back. When you get the sequence down pat your new understanding makes it suddenly a lot easier to convert the steps into code.

There are several sessions recorded about Xero and Postman, I suggest you start here https://devblog.xero.com/de-mystifying-oauth-1-0a-with-postman-66cb257da7d9

I hope you get it sorted soon.

PS After you know the oAuth authentication steps you can find code that creates a valid signature in the Xero API examples on GitHub.


Rob de Voer