XeroAPI - Invoice Attachment access forbidden

Question

Stack: Laravel, XeroPHP

I cannot access the Invoice attachments because I am getting a ForbiddenException:

You are not permitted to access this resource

I am already connected to the API and I am fetching the Invoice data but when I call the Invoice attachments endpoint this exception is being thrown.

I believe there is something I am missing on another layer and not here. Perhaps it's something on the Xero account side? I am using the Demo Company user and its predefined data there (as well as some new invoices created on top of it by my side).

When I hit:

https://api.xero.com/api.xro/2.0/Invoices/InvoiceIDHere/ - I get the results

But when I hit:

https://api.xero.com/api.xro/2.0/Invoices/InvoiceIDHere/Attachments

I am getting:

{
    "Type": null,
    "Title": "Unauthorized",
    "Status": 401,
    "Detail": "AuthorizationUnsuccessful",
    "Instance": "instance_id_here",
    "Extensions": {}
}

Xero Laravel:

There is a predefined relation called attachments and when I call $invoice->attachments I am getting the exception from the first paragraph above... However I call $invoice meaning I have the data to the Invoice and there is no Auth problem, but the problem occurs when trying to access the attachment...

Is there anything I am missing from the Xero Account setup (permissions or sth) or the issue is on my side?

Answer 1

Also,enter image description here you need to pass the "Xero-tenant-id" field in the header as per the below screenshot

Answer 2

Sounds like you may be missing some scopes during your authentication step.

If you want to read attachment data, you'll need to request the 'accounting.attachments.read' scope. If you also want to create/update attachments, you should request the 'accounting.attachments' scope instead.