Complete Developer Guide: OAuth 2.0 Authorization Code Flow in MYOB Acumatica

November 25, 2025 4 min read
OAuth authorization flow diagram showing MYOB Advanced exchanging authorization code and access token between app and user.

Introduction

MYOB Acumatica (formerly MYOB Advanced Business) is MYOB’s flagship cloud ERP built on the Acumatica platform.

It offers powerful financial, operational, inventory, and project management capabilities and exposes modern REST APIs with OAuth 2.0 for secure integration.

This guide explains how to implement the OAuth 2.0 Authorization Code Flow for MYOB Acumatica, including configuration steps, token generation, and best practices.

👉

For businesses building deep integrations across MYOB products, see our full offering here: MYOB Integration Services

.

Prerequisites

Ensure you have:

  • Administrative access to your MYOB Acumatica tenant
  • HTTPS (SSL/TLS) enabled
  • Logged into the correct Company/Tenant
  • Permission to create a Connected Application
  • Knowledge of your Company ID (required in MYOB Acumatica OAuth formatting)

Integration Options with MYOB Acumatica

MYOB Acumatica supports multiple OAuth flows.

The recommended option for all modern integrations is the Authorization Code Flow.

1. Authorization Code Flow

Best suited for:

  • Web applications
  • SaaS apps integrating with MYOB
  • Multi-user external integrations
  • Apps requiring refresh tokens

How it works:

  1. User logs in via MYOB Acumatica
  2. System issues an authorization code
  3. Your app exchanges the code for Access Token + Refresh Token
  4. Tokens are stored securely for API access

Why prefer this flow?

  • Most secure
  • Supports refresh tokens
  • Required for MYOB Marketplace apps
  • Industry-standard for 3rd-party integrations

2. Implicit Flow

Legacy flow used for browser-only apps.

MYOB Acumatica still supports it, but

  • No refresh tokens
  • Lower security
  • Not recommended for new integrations

3. Resource Owner Password Credentials Flow

This flow sends user credentials (user/pass) directly to your app.

⚠ Not recommended

Only use if integrating with legacy systems that cannot handle OAuth redirects.

Steps to Set Up Authorization Code Flow (OAuth 2.0)

1. Register a Connected Application in MYOB Acumatica Portal

Navigate to More Items → Integrations → Connected Applications

  1. Click + Add New
    MYOB Integration menu showing transactions, processes, and preferences with Connected Applications highlighted.
  2. Select Authorization Code as OAuth type
    MYOB Connected Applications screen showing new client setup with client name, active status, and Authorization Code flow selected.
  3. Save → Copy your Client ID
    MYOB Connected Applications screen displaying generated client ID with active Authorization Code flow for integration setup.

Create Client Secret

  1. Click Add Shared Secret
    MYOB Connected Applications screen showing new client setup with Authorization Code flow and option to add shared secret.
  2. Add description
    MYOB Add Shared Secret popup showing description, expiry settings, and generated secret value field for API authentication.
  3. Leave expiry blank
  4. Copy the secret value immediately

Set Redirect URI

Add the callback URL for OAuth return:


https://yourapp.com/oauth/callback
https://localhost:3000/auth
MYOB Connected Applications redirect URI setup screen showing added GenerateAccessToken API redirect URL.

2. Connecting to the Authorization Endpoint

Add a “Connect to MYOB Acumatica” button in your UI that begins the OAuth process.

Authorize connection screen with button to connect a MYOB Acumatica account for integration setup.

Your app redirects the user to MYOB Acumatica using:

Authorization Endpoint

https://yourapp.com/identity/connect/authorize

Query parameters:

  • response_type=code

  • client_id=<your_client_id> + must include the company ID suffix

    • You must use: <client_id>@<CompanyId>
    • Example CompanyId: XXXXXXX
    • How to get CompanyId? The unique identifier for the company file you are working with. You can retrieve this through the MYOB API too.
      MYOB interface showing franchise selection with Rapid Byte Head Quarters highlighted in the organization list.
    • redirect_uri=<your_registered_redirect_uri>
    • scope=offline_access

Example Authorization Request

https://mycompany.myobacumatica.com/identity/connect/authorize?


response_type=code
&client_id=01336912-1A06-810B-1F3D-E24FE3323287@AU Demo Data
&redirect_uri=https://satvasolutions.com/oauth/callback
&scope=api offline_access

3. User Logs Into MYOB Acumatica & Grants Access

  • You will be prompted to log in using your MYOB username and password.
    MYOB login page displaying tenant selection and credential fields during authentication process

  • Grant Access:

    • After entering your credentials, a screen will appear asking for permission to allow access to your application.
    • Click Allow Access to grant the required permissions.
      Calxa OAuth permission screen showing application access, web services API access, and offline access options

4. Process to Generate Access Token

  • If the user approves, Acumatica redirects back to your redirect_uri and includes:
  • After permission, MYOB redirects to your redirect_uri with:
  • ?code=<authorization-code>
  • Next, your app must exchange this code for tokens.

Exchange Code for Token:

  • Token Endpoint: https://<acumatica-url>/identity/connect/token

Query parameters:

  • grant_type=authorization_code
  • client_id=<your_client_id> + must include the company ID suffix
  • client_secret= <your_client_secret>
  • Code={{AUTH_CODE_VALUE}}
  • redirect_uri=<redirect_uri>

Token Request Example


grant_type=authorization_code
&client_id=01336912-1A06-810B-1F3D-E24FE3323287@AU Demo Data
&client_secret=YOUR_CLIENT_SECRET
&code=AUTH_CODE_VALUE
&redirect_uri=https://satvasolutions.com/

Successful Token Response Example

Acumatica ERP verifies the provided application credentials and issues the access token, which the client application should provide with each data request to Acumatica ERP.

A successful response includes the following parameters in the response body

Below is a typical JSON response:


  {
  "access_token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}

5. Request Data Using the Access Token

Every request must include:

Authorization: Bearer <access_token>

Example request for Account:


GET /entity/Default/18.200.001/Account
Host: Acumatica Site URL
Authorization: Bearer {{access_token}}
Postman GET request to Acumatica Accounts endpoint showing account data response with bearer token authentication.

MYOB Acumatica Developer Certification Requirements

To get official MYOB Partner Support, you need to get a developer certification via the “MYOB Academy” to understand the platform and the endpoints available.

The online API course takes around 3-4 hours to complete.

Certification Details

  • Course: API Training Certification
  • Duration: 3–4 hours (online, self-paced)
  • Platform: https://academy.myob.com/
  • To enroll, email educationteam@myob.com requesting access to the course.

Once your developer passes the certification:

  • You gain access to the MYOB Partner Support Portal
  • You can raise API-related support tickets
  • Your partner portal is activated for technical support

Our Certification

We have completed the specified API course and passed the test successfully.

MYOB Acumatica API course completion screen showing certificate notice and dashboard access options.

The purpose of completing the certification is to gain the ability to raise support cases through the MYOB Partner Support Portal.

Certification activates partner-level support access.

After completing the certification, we now have a Partner Portal account and can create support tickets here: Acumatica Partner Portal

Note: You can use the MYOB Acumatica API without any certification, API access is not restricted, and you can continue building integrations normally.

Conclusion

OAuth 2.0 Authorization Code Flow is the most secure and scalable way to integrate external systems with MYOB Acumatica.

Once configured, you can automate:

  • eCommerce → ERP
  • CRM → Sales & Financials
  • WMS → Stock & Fulfilment
  • Payroll → Accounting
  • Custom Applications → MYOB Workflows

Chintan Prajapati
Article by

Chintan Prajapati

Chintan Prajapati, a seasoned computer engineer with over 20 years in the software industry, is the Founder and CEO of Satva Solutions. His expertise lies in Accounting & ERP Integrations, RPA, and developing technology solutions around leading ERP and accounting software, focusing on using Responsible AI and ML in fintech solutions. Chintan holds a BE in Computer Engineering and is a Microsoft Certified Professional, Microsoft Certified Technology Specialist, Certified Azure Solution Developer, Certified Intuit Developer, Certified QuickBooks ProAdvisor and Xero Developer.Throughout his career, Chintan has significantly impacted the accounting industry by consulting and delivering integrations and automation solutions that have saved thousands of man-hours. He aims to provide readers with insightful, practical advice on leveraging technology for business efficiency.Outside of his professional work, Chintan enjoys trekking and bird-watching. Guided by the philosophy, "Deliver the highest value to clients". Chintan continues to drive innovation and excellence in digital transformation strategies from his base in Ahmedabad, India.