Integrations: Multiple Access Tokens for Each External Application

When integrating MYOB Acumatica with third-party services, administrators create external applications that connect MYOB Acumatica and these services. To verify users, these services often employ the OAuth authorization protocol, allowing these users to sign in on behalf of a specific account and receive an access token. This token is then used to request data that is available to the particular user. For certain services, such as Microsoft Exchange or Gmail, a separate access token must be specified for each user, to ensure that they can access only their own data.

In earlier versions of MYOB Acumatica, each external application could use only a single access token. As a result, administrators had to create a separate external application for every third-party user, which created a significant burden for both users and administrators.

However, in MYOB Acumatica 2025.1, administrators can now create multi-token external applications—that is, applications having a single set of application parameters and multiple tokens associated with different users.

For example, administrators can now integrate the Gmail and Microsoft 365 email services as external applications that share a common set of application parameters, while allowing different users to specify their personal access tokens.

Changes to the External Applications Form

On the External Applications (SM301000) form, the following changes have been made to support multiple-token OAuth 2.0 applications:

  • The new OAuth 2.0 option is available in the Type box (Item 1 in the following screenshot).
  • The Authorization Endpoint and Token Endpoint boxes have been added (Item 2). In these boxes, the administrator enters the URLs to send authorization and token requests, respectively. These boxes appear only when the OAuth 2.0 type is selected.
  • The Authentication Token section was replaced with the Tokens tab, which lists the access tokens obtained for the application.
  • The Return URL box has been removed and replaced with the View Redirect URI toolbar button.
  • The Sign In command on the More menu becomes disabled for multi-token applications. To sign into the third-party services, users now need to use the Sign In commands on the User Profile (SM203010) or Email Accounts (SM204002) form.
Figure 1. Multi-token external application


Changes to the Email Accounts Form

On the Email Accounts (SM204002) form, the following changes have been made to support multiple-token external applications for the Gmail and Microsoft 365 email services:

  • The new OAuth 2.0 for Gmail and OAuth 2.0 for Microsoft 365 options are available in the Authentication Method box (Item 1 in the following screenshot).

    Accounts that use these authentication methods can share external application parameters and have their own personal access tokens. When an administrator selects one of these options, the administrator should then select an application of the new OAuth 2.0 type in the External Application box.

  • The OAuth2 Scopes and OAuth2 Parameters boxes have been added (Item 2). These boxes contain predefined values of scopes and parameters that the system will use when issuing access tokens, but administrators have the flexibility to modify these values if necessary. These boxes appear only when OAuth 2.0 for Gmail or OAuth 2.0 for Microsoft 365 is selected in the Authentication Method box.
Figure 2. Email account settings for personal token OAuth authorization