OAuth2.0 server to server request without access token
Question
I am building an application with Xero APIs.
I have implemented the OAuth flow successfully and I am able to CRUD invoices for a given tenant.
The issue I am facing is implementing the webhook and how I am meant to GET data from my server.
Typically, using OAuth, the request is on behalf of a specific user, where my server simply manages the access / refresh tokens for each request; but now Xero is posting an event directly to my server, how am I meant to (in an authorised manner) fetch the relevant resources from Xero and update my DB accordingly?
Do I just grab any user for that tenant and make the request on behalf of them, or is there some method that I have completely missed that allows me to make authorised server-to-server calls?
Answer 1
Score: 1
You can use a valid access token from any user for that tenant to make the GET calls to the relevant endpoint for the resource, e.g. invoice or contact.
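
A sketch of the flow the answer describes, as an added example that is not part of the original post or Xero's own code: authenticate the webhook delivery first, then use the event's tenant to pick any stored user connection and build the GET request. It assumes Xero's documented webhook format (`x-xero-signature` header carrying a base64 HMAC-SHA256 of the raw body, events with `tenantId` and `resourceUrl`, API calls carrying a `Xero-tenant-id` header); the connection-store fields, function names and sample values are hypothetical and constructed.

```python
import base64
import hashlib
import hmac
import json

API_PREFIX = "https://api.xero.com/"  # never send a bearer token to any other host

def signature_ok(raw_body: bytes, header_sig: str, webhook_key: bytes) -> bool:
    # Header value is base64(HMAC-SHA256(webhook signing key, raw request body)).
    digest = hmac.new(webhook_key, raw_body, hashlib.sha256).digest()
    return hmac.compare_digest(base64.b64encode(digest), (header_sig or "").encode())

def pick_connection(connections, tenant_id, now):
    # Any user's connection to the tenant works; prefer the token that expires last.
    candidates = [c for c in connections if c["tenant_id"] == tenant_id]
    if not candidates:
        return None
    best = max(candidates, key=lambda c: c["expires_at"])
    return best, best["expires_at"] <= now + 60  # True: refresh before calling

def plan_fetches(raw_body, header_sig, webhook_key, connections, now):
    """Return (http_status_for_webhook, GET requests to make for its events)."""
    if not signature_ok(raw_body, header_sig, webhook_key):
        return 401, []  # unsigned or tampered delivery: do nothing on its behalf
    planned = []
    for event in json.loads(raw_body).get("events", []):
        picked = pick_connection(connections, event["tenantId"], now)
        if picked is None or not event["resourceUrl"].startswith(API_PREFIX):
            continue  # tenant no longer connected, or URL is not on the API host
        conn, needs_refresh = picked
        planned.append({
            "url": event["resourceUrl"],
            "user": conn["user"],
            "needs_refresh": needs_refresh,  # if True, refresh and rebuild the header
            "headers": {
                "Authorization": "Bearer " + conn["access_token"],
                "Xero-tenant-id": event["tenantId"],
                "Accept": "application/json",
            },
        })
    return 200, planned

# Constructed sample data (not real keys, tokens or tenant ids).
KEY = b"constructed-webhook-key"
CONNECTIONS = [
    {"user": "alice", "tenant_id": "tenant-A", "access_token": "tokA1", "expires_at": 1000},
    {"user": "bob", "tenant_id": "tenant-A", "access_token": "tokA2", "expires_at": 2500},
]
BODY = json.dumps({"events": [{"resourceUrl": API_PREFIX + "api.xro/2.0/Invoices/inv-1",
                               "eventType": "UPDATE", "tenantId": "tenant-A"}]}).encode()
SIG = base64.b64encode(hmac.new(KEY, BODY, hashlib.sha256).digest()).decode()
```

The signature must be computed over the raw request bytes as received, before any JSON parsing or re-serialisation by the web framework.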