Encountered an error: CSRF DETECTED

I'm trying to create a REST API Resource by connecting ReTool to Xero (accounting SaaS) using OAuth 2.0. Having configured the Authorization URL and suchlike I go to "Test OAuth integration". I'm successfully taken to Xero, which confirms the scopes. I click "Allow access" and, once redirected to ReTool, shown the error:

Encountered an error: CSRF DETECTED.

How do I overcome this?

I worked this out with @NimbleBen through support. The problem was that the Xero OAuth flow needed an extra step to attach a tenant-id to the request headers.

1 Like


Are you @justin or @NimbleBen able to help me with the API for conencting to Xero?

I think I have a similar issue?

I can see from the "See token status" that there is an Access Token.

But I don't know how to access the tenant_id for my API request?

I think this is what I need? Is this similar to @NimbleBen ?



I'd love some help with this too. Any chance one of you could document how you got this working?

I ended up getting help from the Support "chat". I will see if I can copy and paste it here for you.

I'm trying to get some help with the Auth Refresh process too.


Hey Jeremy! It does seem like we've had a few users run into trouble with Xero, so we did a bit of a deep dive into setting up the resource. It looks like we need to do this as a custom auth workflow to get the tenant id, and it is a bit involved of a process. Here is what our working setup looks like start to finish:


Awesome thanks heaps. I'll give it a go.

That worked. Thanks heaps for the help!

Trying to get microsoft graph api integrated. I can get the api to work, but can't figure out how to get a user prompted to authorize. any idea?

Firstly, thank you! That was. great help. Secondly, sorry for resurrecting an old post but did you ever implement the Auth Refresh Flow and if so would you mind posting the steps please?