xero-api

Incorrect scopes returned from Xero getClientCredentialsToken


I am using xero-node to connect to the Xero API. Following the documentation, I have

this._instance = new XeroClient({
  clientId:     CLIENT_ID,
  clientSecret: CLIENT_SECRET,
  grantType:    'client_credentials',
  scopes:       ['accounting.transactions','accounting.contacts'],
});

When I then call const tokenSet = await this._instance.getClientCredentialsToken(); the scopes that are returned with the access token are app.connections marketplace.billing (neither of the two that were requested).

So I get 403 Forbidden errors whenever I try to call any of the accountingAPI endpoints that are included in the initial scope set. I've tried adding await this._instance.initialize() before and after the call to get the access token, but it doesn't change the result.

Am I missing something from the docs (https://www.npmjs.com/package/xero-node#custom-connections and https://developer.xero.com/documentation/guides/oauth2/client-credentials)?

Any help would be appreciated.


Solution

  • Can you check the type of app you have created in developer.xero.com?

    One reason you would get the issue would be if you have created a web app rather than a custom connection app.

    Requesting tokens for a web app needs the authorization grant type.

    https://developer.xero.com/documentation/guides/oauth2/auth-flow

    If you have a web app and prefer to use a custom connection app you would need to create a new app as you can't change the app type once created.

    If this does not help resolve your issue, please can you contact Xero Support via this form, giving details of your app name and client ID.
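
A check for the mismatch described in the question, as an added example that is not part of the original question or answer and is not xero-node code. It compares the requested scopes with what the token response granted, so a wrong app type shows up when the token is issued rather than as a later 403. The helper names (`parseScopes`, `jwtPayload`, `checkGrantedScopes`, `makeSampleJwt`) are hypothetical. It assumes the token set exposes the OAuth 2.0 `scope` and `access_token` fields, and that the access token may be a JWT carrying a `scope` claim.

```javascript
'use strict';

// RFC 6749 scope is a space-delimited string; a JWT claim may be an array.
function parseScopes(value) {
  if (Array.isArray(value)) return value.map(String);
  if (typeof value === 'string') return value.split(/\s+/).filter(Boolean);
  return [];
}

// Decode a JWT payload WITHOUT verifying the signature (diagnostics only,
// never an authorization decision). Returns null if it is not a JWT.
function jwtPayload(token) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Compare requested scopes with the granted ones. If the response has no
// `scope` field, fall back to the (assumed) `scope` claim in the token.
// Scopes that cannot be confirmed are reported as missing.
function checkGrantedScopes(requested, tokenSet) {
  let granted = parseScopes(tokenSet.scope);
  if (granted.length === 0) {
    const payload = jwtPayload(tokenSet.access_token);
    granted = parseScopes(payload && payload.scope);
  }
  const missing = requested.filter((s) => !granted.includes(s));
  return { granted, missing };
}

// Constructed sample mirroring the question: two accounting scopes were
// requested, the token came back with app.connections marketplace.billing.
function makeSampleJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'none' })}.${enc(claims)}.constructed-signature`;
}
const requested = ['accounting.transactions', 'accounting.contacts'];
const sampleTokenSet = {
  access_token: makeSampleJwt({ scope: ['app.connections', 'marketplace.billing'] }),
  scope: 'app.connections marketplace.billing',
};
const result = checkGrantedScopes(requested, sampleTokenSet);
if (result.missing.length > 0) {
  console.error(`Token lacks requested scopes: ${result.missing.join(', ')}`);
}
```

In an application, `checkGrantedScopes` would be called with the configured scopes and the value returned by `getClientCredentialsToken()`, and the caller would stop before making API requests when `missing` is non-empty.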