OAuth token rejected error

Started by Ruan Zeelie in API Authentication


I'm trying to do a few simple things with the Xero API via a private app, but I'm yet to be able to authenticate.

According to the docs, I'm meant to use the consumer_key as the access token, but when I do I get an error response whereby the token doesn't match and expected ACCESS token.

Then I thought I'd request a token, where I was told that private apps aren't meant to request tokens.

So I'm a bit stuck. Can someone point me to a step-by-step private app setup, where someone started from scratch, sent a request, and got a successful API response please? :-(

I've scoured this community and Google for 2 days and I just cannot seem to win, and the seemingly closest questions that were asked in the past went unanswered.

I'd appreciate any assistance.

Hi Ruan,

The Xero API uses OAuth1.0a (described here) which makes it slightly more complicated than just supplying your consumer key as an access token.

The developer portal has a description of the setup process for private apps (which it sounds like you've gone through already) - https://developer.xero.com/documentation/auth-and-limits/private-applications - the certificate used in the process is what you'll use to sign your requests.

We strongly recommend using a wrapper/SDK if there is one for your language of choice. The source of the Xero-supported wrappers is available for inspection/forking - here's where the .Net Standard wrapper does private authentication: https://github.com/XeroAPI/Xero-NetStandard/blob/master/Xero.Api/Infrastructure/Authenticators/PrivateAuthenticator.cs

Hope that helps!


Russell Dear (Xero Staff)  

Hi Russell,

Yes, I am implementing OAuth1.0a, and as part of that am getting these issues I mention. I'm using (as far as I can tell) the right keys to sign the requests.

The problem comes in when I 1.) want to request a token and can't 2.) use my consumer_key as the access token and can't.

I understand you'd prefer me to use a wrapper, except, I'm using Elixir and would really like not to introduce complexity into my application by adding an SDK from another language (I could, using erlport).

Based on the responses from your API, it seems like the OAuth part is not the problem? I looked at the OAuth debugging page you have and the API would seemingly tell me if there was a certificate mismatch or something alike.

Could you please show me what the resulting OAuth header would be with the params included? And which endpoint should I call, i.e. do I in fact request a token? Do I call straight to the API with the consumer key as the access token (this is not currently working as it's expecting an access token...)?

Ruan Zeelie  

I'll try using this: https://github.com/MJMortimer/elixero

Ruan Zeelie
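
Added example, not part of the thread and not Xero's or any SDK's code: a sketch of the one-legged OAuth 1.0a request discussed above, where no token is requested, `oauth_token` carries the consumer key, and the signature base string is signed with RSA-SHA1. The endpoint URL, the `DEMOKEY` consumer key, the nonce and timestamp values, and the demo RSA key built from two Mersenne primes are all assumptions made so the code runs offline; a real private app signs with the private key that matches its uploaded certificate and uses a fresh nonce and the current time.

```python
import base64, hashlib
from urllib.parse import quote

# Constructed demo key (two Mersenne primes, trivially factorable): illustration only.
# A real private app signs with the key behind the certificate it uploaded.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

def enc(s):
    """RFC 5849 percent-encoding: only unreserved characters stay literal."""
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    """METHOD & enc(URL without query) & enc(sorted enc(key)=enc(value) pairs)."""
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def rsa_sha1_sign(message, n, d):
    """PKCS#1 v1.5 signature over SHA-1(message), base64-encoded."""
    k = (n.bit_length() + 7) // 8
    t = SHA1_DIGESTINFO + hashlib.sha1(message.encode()).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    sig = pow(int.from_bytes(em, "big"), d, n)
    return base64.b64encode(sig.to_bytes(k, "big")).decode()

def auth_header(method, url, consumer_key, nonce, timestamp, query=None):
    """Build the Authorization header; query parameters are signed but not listed."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": consumer_key,  # private app: consumer key doubles as the token
        "oauth_signature_method": "RSA-SHA1",
        "oauth_timestamp": timestamp,
        "oauth_nonce": nonce,
        "oauth_version": "1.0",
    }
    base = base_string(method, url, {**oauth, **(query or {})})
    oauth["oauth_signature"] = rsa_sha1_sign(base, N, D)
    return "OAuth " + ", ".join(f'{k}="{enc(v)}"' for k, v in sorted(oauth.items()))

if __name__ == "__main__":
    # Assumed sample endpoint and constructed values, for display only.
    print(auth_header("GET", "https://api.xero.com/api.xro/2.0/Organisation",
                      "DEMOKEY", "abc123", "1500000000"))
```

A signature that fails to verify usually traces back to the base string: parameters not sorted after encoding, the query string left inside the URL component, or single instead of double encoding of the parameter block.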