0

For the past few years I have been using an unattended remote server to process invoices through the XERO API (Oauth 1.0) Periodically (every financial year) we create a new XERO organisation to keep things tidy and avoid slow down. I have just come to create a new organisation and associated app but have found that I can only use Oauth 2.0, which I do not have a massive issue with, BUT the fact I have to 'user' authenticate is going to be a real problem as my process is 'unattended' and started via CRON jobs.

Can anyone tell me if there is a way around this? and if not are there any solutions to do this? Alternatively is there any way I can change one of my existing Oauth 1.0 apps to point to a different organisation (i.e. the new one I have just created)?

It seems a little short sighted not to have considered unattended processes, I cannot be the only person doing this??

Any help or pointers would be greatly appreciated.

Thanks, Mike.

Improve this question

1 Answer 1

Reset to default
2

Yes you are not the only one doing this :) & yes, private apps are essentially deprecated end of 2020 - the move was not taken lightly. Since every API action through Xero's api is on behalf of a user account the team decided to move towards OAuth2.0 (Industry Standard) with a user consent screen.

If you need these long standing api connections on behalf of a user - they will need to initially authenticate that API connection at least a single time to get you an access_token and `refresh_tokenà. Access tokens are valid for 30 minutes, while the refresh token is good for 60 days.. So as long as you refresh > 2 months you can persist that longtail process.

If you don't have the means to build out that initial authentication screen to have your user validate on their own, you can use this CLI tool to get your initial token set to securely store in your remote server. An additional change is that that (or some) process will need to ensure the token is refreshed before use, and has given permissions to connect to a specific user's tenant-id as they might be a part of multiple Xero orgs & that manual consent screen is where a user selects which tenant/org they are giving API permissions to.

CLI to get Xero tokens from the command line

https://github.com/XeroAPI/xoauth

More info here: https://community.xero.com/developer/discussion/109207632#answer110970761

UPDATE

client_credentials aka machine to machine are coming to Xero's OAuth2.0 gateway.

You can read more about it here: https://developer.xero.com/announcements/custom-integrations-are-coming/

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks Christopher, I had previously read about this option but it seemed quite nasty :-) I will take a further look and attempt a test implementation Thanks again, Mike.
Hey Mike - I've got a video coming out soon that explains this in depth.. Have a subscribe - it should be posted in the next couple of days: youtube.com/channel/UC7DA_vntKKChsenzpL7QWPg
@serKnight, I have multiple business in my system. so every business has to create xero account and create organization to use my system. because to use xero payroll system i have to connect xero organization to my business in my system. and i do'nt want that, the business has to interact with xero. Please help me with that

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.