Kintsugi
Octa
Optimizely
Praiz
MYOB dominates the accounting software market in Australia and New Zealand. If your SaaS product serves businesses in the ANZ region, your customers are probably asking for MYOB integration. This guide covers authentication (including the changes MYOB introduced in March 2025), the ongoing deprecation of AccountRight Classic, and the practical details of working with the API.
If you'd rather skip the complexity of building direct integrations, Apideck offers a MYOB connector through our Unified Accounting API that handles OAuth, token management, and data normalization across MYOB and 30+ other accounting platforms.
What is the MYOB Business API?
The MYOB Business API is a REST-based JSON API for reading and writing data from MYOB AccountRight and MYOB Business company files. It works with both local desktop installations and cloud-hosted files, though the authentication flow differs between the two.
The API covers core accounting functions: contacts (customers, suppliers, employees), invoices, bills, payments, inventory, general ledger accounts, journal entries, tax codes, and payroll. It uses OAuth 2.0 for cloud file authentication and supports OData query parameters for filtering and sorting results.
MYOB has consolidated its product lines under the "MYOB Business" branding. The AccountRight and Essentials product lines are being phased out for new customers, but the API remains consistent across all three. If you see references to "AccountRight API" in older documentation, you're looking at the same API.
Why integrate with MYOB?
MYOB holds significant market share among Australian and New Zealand SMBs. For vertical SaaS products, fintech platforms, and B2B tools targeting the ANZ market, MYOB integration is often a requirement.
Consider an expense management SaaS. Without integration, users export transactions, manually create bills in MYOB, and reconcile by hand. With a MYOB integration, the app can push approved expenses directly to the ledger, create supplier records, and apply the correct tax codes automatically. Users save hours of double entry and reduce errors.
The same logic applies to invoicing platforms, payment reconciliation tools, inventory management systems, and payroll applications. Integration eliminates manual data transfer and makes your product fit into existing accounting workflows.
Registration and API keys
Before writing any code, register for the MYOB Developer Program at developer.myob.com. Registration is free and gives you access to the MY.MYOB portal where you create API keys.
Once your developer account is approved, log into MY.MYOB and navigate to the Developer tab. Register your application by providing a name and redirect URI. MYOB generates a client ID (API Key) and client secret that you use for OAuth authentication.
The redirect URI must match exactly what you register. MYOB is strict about thisāany mismatch causes authentication failures.
MYOB offers different developer program tiers with varying API call limits. The default rate limit is 8 requests per second and 1,000,000 requests per day per API key. You can only have 2 active API keys at once per developer account. Using a third key automatically deactivates one of the others, which causes confusing rate limit errors if you're unaware of this restriction.
Authentication: the March 2025 changes
MYOB overhauled its OAuth flow in March 2025. If you're building a new integration, you must use the new scopes and authentication requirements. Keys created before March 2025 still use the old scopes, but any new integration needs to follow the updated process.
New granular scopes
The old CompanyFile scope is deprecated for new API keys. MYOB now requires granular scopes that specify which data categories your app needs access to:
sme-company-fileā required for all accesssme-general-ledgerā accounts, journals, tax codessme-saleā invoices, customer payments, quotessme-purchaseā bills, supplier paymentssme-contactā customers, suppliers, employeessme-inventoryā items, locations, adjustmentssme-payrollā employee payroll details
Request only the scopes your application actually needs. The authorization screen shows users exactly what data you're requesting access to.
Admin-only authorization
As of March 2025, only administrator users of a MYOB company file can approve OAuth requests. This is a security enhancement. If your users attempt to authorize with a non-admin account, the flow fails.
Company file GUID retrieval
The old endpoint GET https://api.myob.com/accountright/ no longer returns company files for new API keys. Instead, MYOB returns the company file GUID (businessId) in the redirect URI after successful authorization.
You must include prompt=consent in your authorization URL to ensure the businessId is returned. The authorization URL looks like:
https://secure.myob.com/oauth2/account/authorize
?client_id=YOUR_CLIENT_ID
&redirect_uri=https://yourapp.com/redirect
&response_type=code
&scope=sme-company-file sme-contact sme-sale
&prompt=consent
After the user authorizes, MYOB redirects to your URI with both a code and businessId parameter. Use the code to exchange for access and refresh tokens. Store the businessId as the company file identifier for all subsequent API calls.
Token lifecycle
Access tokens expire in approximately 20 minutes. When you receive tokens, MYOB includes an expiry timestamp. Implement token refresh before expiration to maintain uninterrupted access. The refresh token request uses:
POST https://secure.myob.com/oauth2/v1/authorize
Content-Type: application/x-www-form-urlencoded
client_id=YOUR_CLIENT_ID
&client_secret=YOUR_SECRET
&refresh_token=REFRESH_TOKEN
&grant_type=refresh_token
Store tokens securely and never log them.
Key API endpoints
The MYOB Business API organizes endpoints by business function. The base URL for cloud files is:
https://arl2.api.myob.com/accountright/{company_file_id}/
For local desktop files, the API runs on localhost:8080/accountright/.
Contacts
Contacts cover customers, suppliers, and employees.
| Endpoint | Purpose |
|---|---|
/Contact/Customer | Customer records for invoicing |
/Contact/Supplier | Supplier records for bills |
/Contact/Employee | Employee records for payroll |
/Contact/Personal | Other contacts |
Contacts require a Name field at minimum. Each contact gets a unique UID that you use when creating invoices or bills.
Sales
Sales endpoints handle customer-facing transactions.
| Endpoint | Purpose |
|---|---|
/Sale/Invoice/Item | Product-based invoices |
/Sale/Invoice/Service | Service-based invoices |
/Sale/CustomerPayment | Payments received from customers |
/Sale/Quote/Item | Quotes for products |
/Sale/CreditSettlement | Credit note applications |
When creating invoices, you POST to the specific invoice type endpoint. The generic /Sale/Invoice endpoint only supports GET requests.
Purchases
Purchase endpoints mirror the sales structure for supplier transactions.
| Endpoint | Purpose |
|---|---|
/Purchase/Bill/Item | Bills for purchased items |
/Purchase/Bill/Service | Service bills |
/Purchase/SupplierPayment | Payments to suppliers |
/Purchase/Order/Item | Purchase orders |
General Ledger
Ledger endpoints provide access to the chart of accounts and financial data.
| Endpoint | Purpose |
|---|---|
/GeneralLedger/Account | Chart of accounts |
/GeneralLedger/TaxCode | Tax rate definitions |
/GeneralLedger/JournalTransaction | Posted journal entries |
/GeneralLedger/GeneralJournal | Manual journal entry creation |
/GeneralLedger/Category | Tracking categories |
Inventory
Inventory endpoints manage products and stock.
| Endpoint | Purpose |
|---|---|
/Inventory/Item | Products and services |
/Inventory/Adjustment | Stock adjustments |
/Inventory/Location | Warehouse locations |
Request headers and versioning
The API requires specific headers for all requests:
Authorization: Bearer ACCESS_TOKEN
x-myobapi-key: YOUR_CLIENT_ID
x-myobapi-version: v2
Always specify x-myobapi-version: v2. The default is v1, which lacks GUID support and causes problems. This is a common source of errors for new integrations.
For cloud files, include the company file token:
x-myobapi-cftoken: BASE64_ENCODED(username:password)
The cftoken contains the company file username and password, base64 encoded with a colon separator. For files authenticated via OAuth 2.0 with admin access, this may not be required, but older implementations and desktop files need it.
Data mapping considerations
When syncing data between your application and MYOB, keep these mapping issues in mind.
Invoice structure
MYOB supports five invoice types: Item, Service, Professional, TimeBilling, and Miscellaneous. Each has a different line item structure. Most integrations use Item or Service invoices.
Line items require references to existing inventory items or tax codes. You cannot create an invoice with inline item definitions. Fetch or create the required items first, then reference them by UID in the invoice payload.
Tax codes
MYOB stores tax rates as TaxCode objects with UIDs. Common Australian tax codes include GST (10%), GST Free, and Input Taxed. Your application needs to map its tax logic to the appropriate MYOB tax codes, which you can retrieve from /GeneralLedger/TaxCode.
Account mapping
Line items on invoices and bills link to ledger accounts. MYOB uses account numbers and UIDs. Retrieve the chart of accounts via /GeneralLedger/Account to map your categories to the correct accounts.
Currency
MYOB supports multi-currency transactions. Currency codes follow ISO 4217. If your customers use foreign currencies, check whether their MYOB file has multi-currency enabled.
Error handling and rate limits
The API returns standard HTTP status codes: 200 for success, 201 for created, 400 for bad request, 401 for authentication errors, and 404 for not found.
Error responses include JSON with error codes and messages:
{
"Errors": [
{
"Name": "ValidationError",
"Message": "The Customer UID is required."
}
]
}
Rate limiting
The default limits are 8 requests per second and 1,000,000 requests per day per API key. When you hit a rate limit, the API returns a 403 status (not 429, which can be confusing). Implement exponential backoff and retry logic.
The 29-second timeout limit means long-running queries may fail. If you're fetching large datasets, use pagination and OData filters to reduce response times.
OData filtering
The API supports OData query parameters for filtering results:
/Contact/Customer?$filter=IsActive eq true
/Sale/Invoice/Item?$orderby=Number desc
/GeneralLedger/Account?$filter=Type eq 'Asset'
Field names are case-sensitive. A common mistake is using number instead of Number or isActive instead of IsActive.
Deprecation: AccountRight Classic
MYOB is retiring AccountRight Classic (v19 and earlier) on February 28, 2026. After this date, Classic company files become read-only. Users won't be able to create transactions, only view historical data.
This matters for your integration if you support customers running older AccountRight versions. After February 2026, those files will not accept new invoices or payments via the API. Affected customers need to migrate to the current AccountRight or MYOB Business product.
The API for modern AccountRight and MYOB Business is unaffected. This deprecation only impacts the legacy Classic versions that predated the current API.
Testing your integration
MYOB does not provide sandbox environments with demo data. You need to set up test data yourself, which requires understanding both the API and MYOB's accounting workflows.
Your options: create a trial MYOB Business account and populate it with test data manually, use a dedicated company file in a customer's MYOB system (with their permission), or set up a local AccountRight installation for development.
Start with read operations to verify your authentication works. Fetch company info, then retrieve customers and accounts. Once reads work, test creating a simple customer contact before moving to invoices.
Use MYOB's Postman collection to experiment with API calls before writing code. The collection is available from the developer portal.
Unified API approach
Building direct MYOB integrations requires handling OAuth flows, token management, data normalization, and ongoing API maintenance. If MYOB updates their authentication requirements (as they did in March 2025), you need to update your integration.
A unified API provider like Apideck handles this complexity. Instead of building separate integrations for each accounting platform your customers use, you build one integration against a normalized API. The provider manages authentication, handles API updates, and normalizes data structures across platforms. For a detailed comparison of approaches, see our guide on accounting integrations.
This approach works well when you need to support multiple accounting platforms or when you want to reduce ongoing maintenance burden. For teams focused on building core product features rather than becoming accounting API experts, unified APIs can significantly reduce integration time.
Frequently asked questions
Can I access multiple company files with one integration?
Yes. Each company file requires separate OAuth authorization, but your integration can store multiple sets of tokens and company file GUIDs. When making API calls, use the appropriate token and businessId for the target company file.
Does MYOB support webhooks?
No. The API does not provide webhooks for real-time notifications. You need to poll endpoints to detect changes. Use the $filter parameter with timestamps to fetch only modified records since your last sync.
What happens when AccountRight releases a new version?
MYOB releases AccountRight updates regularly, typically monthly. Each release includes a decommission date for older versions, usually 2-3 months after the new release. Plan to update your integration testing when new versions ship, as some API behaviors may change.
Can I email invoices through the API?
Yes. Endpoints like /Sale/Invoice/Item/{invoice_uid}/email let you trigger invoice emails directly from the API. The company file must be configured to send emails via AccountRight, and this only works for online files.
What's the difference between AccountRight and MYOB Business?
MYOB Business is the current product branding that replaces AccountRight and Essentials for new customers. The API is the same. AccountRight files show UIAccessFlags: 3 while Essentials files show UIAccessFlags: 2. Your integration should work with both.
Next steps
Register for a MYOB Developer account, create an API key, and start with the authentication flow. Read the endpoint documentation for contacts and invoices, since those are the most common integration points.
If you want to accelerate your timeline, start with Apideck to connect MYOB and other accounting platforms through a single unified API.
For more on building accounting integrations, see:
Ready to get started?
Scale your integration strategy and deliver the integrations your customers need in record time.
