Pay attention to the error message displayed on the screen. This happens if any of the parameters on your authorize URL are set incorrectly, e.g.
The Xero-tenant-id header is missing, incorrect or isn't authorized for use with this access token. This could be because:
{ "title": "Forbidden", "status": 403, "detail": "AuthenticationUnsuccessful", "instance": "65e420cd-796c-493b-8f52-5eae2ee667ce" }
If the client_id or client_secret you pass in are incorrect then you will receive this response.
{ "error": "invalid_client" }
To solve this error, make sure you have the correct credentials for your app. Double check your client id in My Apps and try generating a new secret if required.
If you don't pass in a grant_type of authorization_code then you will get this response.
{ "error": "unsupported_grant_type" }
To solve this error, include grant_type=authorization_code as a parameter in the body.
You might get this error for a number of reasons.
{ "error": "invalid_grant" }
The only way to solve this error is to get the user to re-authorize so you can get a new authorization code.
{ "error": "unauthorized_client" }
All API communication using OAuth 2.0 requires TLS 1.2 or higher. Any request using TLS 1.1 or lower will receive a 403 Forbidden error with the following HTML in the response body:
<HTML> <HEAD> <TITLE>Access Denied</TITLE> </HEAD> <BODY> <H1>Access Denied</H1> You don't have permission to access "https://api.xero.com..." on this server.<p> Reference... </BODY> </HTML>
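The two 403 responses above look alike at the status-code level but need different fixes. The following is an added example, not code from the original page or from Xero: it pins the client to TLS 1.2 or higher and tells the error bodies apart. The function names, the `kind` labels and the 400 status on the sample token error are assumptions made for illustration.

```python
import json
import ssl


def tls12_context():
    """Client-side context that refuses to negotiate anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


# Fixes as stated on this page, keyed by the OAuth "error" value.
TOKEN_FIXES = {
    "invalid_client": "check the client id in My Apps; generate a new secret if required",
    "unsupported_grant_type": "include grant_type=authorization_code in the body",
    "invalid_grant": "get the user to re-authorize for a new authorization code",
}


def diagnose(status, body):
    """Return (kind, action) for an error response (hypothetical helper)."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None  # not JSON, e.g. the HTML page sent to old TLS clients
    if isinstance(doc, dict):
        if isinstance(doc.get("error"), str):
            code = doc["error"]
            return code, TOKEN_FIXES.get(code, "no fix is given on this page")
        if status == 403 and doc.get("detail") == "AuthenticationUnsuccessful":
            # Keep the response's "instance" value alongside the diagnosis.
            return "tenant_header", "check Xero-tenant-id; instance=%s" % doc.get("instance")
    if status == 403 and "<title>access denied</title>" in body.lower():
        return "tls_too_old", "connect with TLS 1.2 or higher"
    return "unknown", "inspect the raw response"


if __name__ == "__main__":
    # Constructed samples modelled on the responses shown on this page.
    samples = [
        (400, '{ "error": "invalid_grant" }'),  # 400 is an assumed status
        (403, '{ "title": "Forbidden", "status": 403, "detail": "AuthenticationUnsuccessful", "instance": "65e420cd-796c-493b-8f52-5eae2ee667ce" }'),
        (403, "<HTML> <HEAD> <TITLE>Access Denied</TITLE> </HEAD> <BODY> <H1>Access Denied</H1> </BODY> </HTML>"),
    ]
    for status, body in samples:
        print(status, diagnose(status, body))
```

Pass `tls12_context()` as the `context` argument of `urllib.request.urlopen` or `http.client.HTTPSConnection` so the handshake fails locally instead of returning the HTML 403.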