Joseph Anderson

Reputation: 4144

Xero Failed to Validate Signature

I have created a Xero partner app and I have been asked to renew my Entrust Certificate. When I POST to oauth/RequestToken, I get this error:

oauth_problem=signature_invalid&oauth_problem_advice=Failed%20to%20validate%20signature

Here are the steps that I took:

  1. I downloaded the P12 Entrust Certificate from Xero.
  2. In certmgr, I imported the P12 certificate into my personal certificate store.
  3. I right clicked the certificate. I clicked all tasks and export.
  4. I said do not export the private key.
  5. I exported the file as a CER.
  6. I logged into developer.xero.com and I clicked apps.
  7. I uploaded the CER in the form and clicked save.

Are there any additional steps I must take?

Upvotes: 0

Views: 1972

Answers (1)

MJMortimer

Reputation: 865

I think where you went wrong is at stage 5.

The Entrust cert isn't supposed to be uploaded into the developer portal.

The .cer file you upload into the developer portal contains your public key and is used to decode the signature you provide on your API calls. This signature is signed by your application using the private key associated with it. If the certs are mismatched (which they will be now that the API is trying to decode with the wrong public key), you will receive the "Failed to validate signature" error you are seeing.

You will want to either

  1. Re-upload the previous .cer public key file you used for your application originally, as it will match the private key you are currently signing with (unless you changed this also)

  2. Regenerate a new public/private key pair as described here: https://developer.xero.com/documentation/advanced-docs/public-private-keypair, upload the new .cer public key into the developer portal, and use the new private key in your application

Upvotes: 1
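
An added example, not part of the original answer: a shell check, using the openssl command-line tool, that the public key inside a .cer file belongs to the private key an application signs with, which is the pairing the answer describes. The file names and the throwaway key pair are constructed for illustration, and the private key is assumed to be an unencrypted PEM file.

```shell
#!/bin/sh
# Added example (not from the original thread). File names are assumptions;
# the private key is assumed to be unencrypted PEM.

# Hash a PEM public key read from stdin, normalised to DER first.
spki_hash() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Public key embedded in a certificate (.cer may be PEM or DER encoded).
cert_pubkey_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ||
    pub=$(openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null) ||
    return 1
    printf '%s\n' "$pub" | spki_hash
}

# Public key derived from the private key the application signs with.
key_pubkey_hash() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | spki_hash
}

# 0 = same key pair, 1 = different keys, 2 = a file could not be parsed.
keys_match() {
    c=$(cert_pubkey_hash "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
    k=$(key_pubkey_hash "$2") || { echo "cannot read private key: $2" >&2; return 2; }
    [ "$c" = "$k" ]
}

# Constructed sample data: a throwaway key, its self-signed DER .cer,
# and an unrelated second key.
make_constructed_pair() {
    openssl genrsa -out "$1/signing.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/signing.key" -subj "/CN=constructed-example" \
        -days 1 -outform DER -out "$1/signing.cer" 2>/dev/null
}

# Usage: sh check_pair.sh public.cer private.pem
if [ "$#" -eq 2 ]; then
    if keys_match "$1" "$2"; then echo "MATCH"; else echo "MISMATCH or unreadable input"; fi
fi
```

Running the check before uploading a .cer shows whether the server will be verifying with the public half of the key the application actually signs with.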
