We have been authorised to access the Xero Practice Manager (XPM) API and have run the OAuth authentication flow successfully.
I am trying to retrieve the list of XPM current invoices as detailed here: https://developer.xero.com/documentation/api/practice-manager-3-1/invoices/#get-current
When I make the call:
https://api.xero.com/practicemanager/3.1/invoice.api/current
as per the documentation, I get a 401 response code with response payload:
{"Type":null,"Title":"Unauthorized","Status":401,"Detail":"AuthorizationUnsuccessful","Instance":"91d7...40f","Extensions":{}}
As mentioned above the OAuth authorisation flow succeeds and the user has all rights available within XPM itself. And, calls to other XPM endpoints return data as expected, so I'm confident this is not a straight permissions issue.
To me it seems like it is likely a scope issue, but the scopes specified in the authentication flow covers all the XPM scopes listed in the documentation: https://developer.xero.com/documentation/guides/oauth2/scopes/#practice-manager-account-scopes
offline_access practicemanager.client practicemanager.job practicemanager.staff practicemanager.time
To summarise:
Is there something I missing here? How can I retrieve data from the XPM API Invoices endpoint?
Any guidance very much appreciated!
Response received from the Xero Support team.
The scope needed to be amended to include the base "practicemanager" and/or "practicemanager.read"