Using oauth1.0a two-legged flow, must sign request using RSA-SHA1. Need advice!
Having issues with authentication for Xero accounting software.
Note: Using a “Private App” that uses a pre-configured x509 .cer certificate keypair which is manually supplied for the “Authorized App”. No token request/exchange is required as in this configuration the Consumer Key act’s as a permanent token. Valid requests must use RSA-SHA1 to sign a request that includes a multitude of parameters in specific order and then the signature calculation is passed as parameter in an authorization header string along with the usual suspects (oauth_timestamp, oauth_nonce, oauth_consumer_key, oauth signature_method, oauth_token [same as consumer key], etc.). Postman doesn’t support RSA-SHA1 anymore, but I’ve confirmed the format required for the string to sign that makes results in a valid request by manually signing and creating the proper authorization header.
The second to last post here details the string to sign structure:
Found a nice oauth resource here:
Thanks in advance, I’m in a bit of a time crunch!