Skip to main content
Skip table of contents

EXO Business API Error codes

This is a guide to API Error codes, and is intended to act as a resource for Developers/Exo Business Partners.

Error Code: Requested provider not found by [JWTAuthenticationProvider]

Appears: Error appears when doing any requests via the LiveRelay.

Meaning: The API service cannot be reached on the host server. Check that the host server has Internet connectivity, and that the service is running.

Resolution: Usually resolved by restarting the API Service on the host computer.

Error Code: Unable to load ModuleSecurity for ‘appid=4400’

Appears: Error appears when doing any requests apart from discovery.

Meaning: The module ‘4400’ is unlicensed. 4400 is the API.

Resolution: Make sure the API License is loaded in Exo Config. If you don’t have one, contact your business partner.

Error Code: An error has occurred. / Error 500

Appears: Can appear anywhere.

Meaning: Indicates either Business Logic or Database failure with the data sent through.

Resolution: Most commonly appears if trying to submit a description that is too long. Older Exo databases have a 40 character maximum for Description fields, which was increased in 2018.5 to 100 characters by default. Both database tables AND a hidden profile in Exo Config need to be updated to enable longer description lengths. Similar problems can appear with Addresses.
Check for Truncation errors as your first port of call. Otherwise, get the Business Partner involved and send them a copy of the packet.

You can also refer to the linked articles.

Sympton: No specific API error, but connection is refused by the Relay server

Symptom: API unable to connect via LiveRelay service. (Especially if works via Local API connections.

Appears: On any API call via appropriate service.

Example Code: (.NET example)

System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IO Exception: Authentication failed because the remote party has closed the transport stream. at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult) at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar) --- End of inner exception stack trace --- at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.GetResponse(WebRequest request) at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.ProcessRecord()

Meaning: You’re attempting to access the LiveRelay service, but are not correctly securing your connection.

Resolution: Force your code to use TLS 1.1 or above. For .NET/Powershell this can be done by:

  • Upgrading to Powershell 6 OR
  • Upgrading to .NET 4.6.1 OR
  • Adding this line to your code:
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Symptom: API Discovery endpoint works, but attempts to use any other endpoint return no information. Especially via LiveRelay.

Appears: Can appear anywhere.

Meaning: The user did not authenticate properly, and no data was returned.

Resolution: When experienced, the API user was using a valid API Token, and a validly hashed Username/Password combination, however, the User had been removed from the staff table.

(Test database had been overwritten and the user hadn’t existed in the live database.) Adding the user again and reissuing an ExoToken worked, so suspect this is the resolution generally for this kind of problem.

401 Unauthorized (API) / Invalid x-myobapi-exotoken: Invalid signature.

Appears: Can appear anywhere.

Meaning: The ExoToken you have submitted did not validate against database information. (The User you have requested is not authorized to use the API).

Resolution: Confirm that the ExoToken is correct to the one issued by Exo Business.

If this error is appearing consistently then it almost always indicates that the ExoToken being used by the API is wrong (For example, the user's password has been updated, or the User has been deleted.)

If this error is appearing intermittently, then it probably indicates that there are duplicate DB_ID present on the server hosting Exo. Databases must have a unique DB_ID for API services to work consistently, otherwise, the API may select an incorrect database.

401 Unauthorized (API) / Invalid x-myobapi-exotoken: The token has expired.

Appears: Can appear anywhere.

Meaning: The ExoToken you have submitted is for an expired license. This should not happen if you are correctly refreshing your exotokens prior to expiry.

Resolution: Try to refresh the token via the API.

Confirm that the user has current licenses loaded, as the API does not allow a grace period if licenses are expired.

If the user has correct licenses loaded in Exo, including the API license, then have the ExoToken for your user reissued from ExoConfig by a site superuser.

Information on Refreshing tokens is in the general API documentation - Exo API - Authentication.



Everything to do with API Configuration should be referred to either your IT Administrators or your Exo Business Implementation Partners, or your API Developer Partner. These pages are highly technical and intended for your Partner to work through.

You can also find more resources on the MYOB Exo Business Education Centre.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.