Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > API Endpoints >

Organisation Names (with OAuth 2.0)

Started by Tom Harrington -   in API Endpoints


We are using OAuth 2.0, and as per your docs (https://developer.xero.com/documentation/oauth2/auth-flow Point 5) it's now possible for an access token to be valid for multiple tenants. The connections endpoint only returns the guids of the tenants. How should I go about finding the names of (in our case) the organisations to which these relate?

From my tests the organisation endpoint will only return data about the organisation you are supplying in the the Xero-tenant-id in the http header. How do I find out the names of the other organisations?

Our scenario is this:
We wish to post invoice data to Xero. Our users might set up and test their configuration whilst connected to a demo organisation in Xero. Once they are happy they would switch the connection to their production Xero organisation and post to that.

Your sample OAuth 2.0 app shows handling of multiple tenants simply by iterating over each of them and retrieving data from all of them. That might be fine if you're only reading data from Xero, but as soon as you need to post data you need to pick exactly one organisation to post the data to.
As the tenants returned by the connections endpoint only contain the guids, which will mean nothing to our users, we need to find the organisation names of all of the tenants so that we can show them in a list to the user.

Surely there has to be a better way than changing the Xero-tenant-id header for each call to the organisation endpoint?
Hi Tom

At the moment you will need to iterate through each of the tenants and make a GET call to the Organisation endpoint.

That said, we have just increased the detail on the https://api.xero.com/connections endpoint so that we now return the createdDateUtc and updatedDateUtc. This will allow you to see which tenant was the most recently added, and hopefully help keep track of the organisations you have access to.



Robin Blackstone (Community Manager)  

Thank you for getting back to me so quickly.

If you are able to increase the detail on the connection response, could you add a name/description to it too? Is there a good reason it's so limited at the moment?

Kind regards,

Tom Harrington  

Alternatively, could the /connect/token api call also return the tenantid that was approved for the given scope, but only if the requested grant_type is authorization_code

At the moment, you have to try and derive which organization they have just given you authorization to work with (it is only a problem where they have more than one organizations and have approved one of the other organizations in the past using the same login/password)

Raymond Davey  

Returning the Organisation name along with the tenant IDs would be very useful. If we have multiple tenants, the users will not recognise the ID, they will only know the name. Also, can we supply a list of tenant ID's on a request, and have the results marked tagged with tenantID and name? Imagine you are an accountant firm, you may have multiple clients, but you might want to pull invoices for all of them. Ideally, you would do that in one hit, and get your results back tagged as each client.

Steve Hibbert  

This is a pretty fundamental issue for us too, not having the organisation name results in a worse experience for end users as we have to iterate through the tenant IDs, waiting for each to return before we can let them select which one is correct. Obviously, we can mitigate this by auto-selecting if they only have a single organisation, but many are running multiple accounts so it's less than ideal for us and, presumably, you to have to serve n+1 queries to get this information.

Stuart Gibson  

+1 for a feature returning the entity name in the list of connections or even the token authorise response.

Mike O'Connell