Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > API Authentication >

API oauth2 documentation and examples

Started by Alec Sanderson -   in API Authentication

I am building oauth2 into an existing .net core 3.1 app (with MVC).

I found this example:


This was good and relatively easy but when I integrate the code this
one is not using the latest libraries so I get quite a few failures so I think that the newest nuget libs are not being used. The versions here are: oauth2 2.2.0 and client 0.0.4 (v old!!!)

However there does not appear to be any relevant documentation on oauth 2 nor any tangible examples - there are a couple of others that are on the developer such as:


Which is more up to date ... but this is a mare to integrate as it uses specific calls, no strongly typed variables etc. (so fails if you dont use the same code base / references etc) and there is no documentation to show how to use the API calls once you have integrated (the only one simple example is a count of the outstanding invoices).

The earlier example does have these examples but fails as the references are too old!

So ... in essesnce:

Any chance of some decent docs with examples of use for all the API calls

OR ...

Any chance of a GOOD set of example apps that you can integrate with your own (inc all function calls). The examples are reasonable but IMO a nightmare to integrate with any existing app since the code base is so specific and non-generic. It took me about 20 hours for one example alone then realised there were no method calls for any meaningful work!

If you are going to deprecate oauth1 soon then you should at least give us some decent stuff to work with??? please, pretty please ...

Thank you

Hey Alec, we appreciate the feedback on .NET SDK and its companion demo application. Points taken.

We are getting more dev resources so we can better demonstrate OAuth 2.0 integration. The previous efforts were spent on making sure all APIs are covered in the new SDK, which I am sure you can understand equally urgently needed by .NET developers. They were also a stopping point for migrating to the new APIs.

We have now almost completed the API sets and is now working on an up to date sample application very soon.

If you have a specific questions related to your OAuth 2.0 implementation in .NET please feel free to leave the comments here or raise it on Github repo. We will help you to our best ability until the new doc and sample apps are released.

Jenks Guo (Xero Staff)  


I do appreciate you are working hard, like the rest of us in extreme conditions, and would be less concerned if you didn't have a deadline to end oath1 in about 8 weeks time!

I run a tech (software) business (no really!) and switched to Xero three years ago as it had a good API and some good plugins.

I think this is highly unreasonable and pretty unprofessional (I would never do that with my clients "you have to upgrade, you have 3 months, and we are not really going to tell you how - so go figure ..."). You are losing your reputation amongst tech firms certainly here in the UK as I am not the only one with these issues.

But OK there are some specifics to start with:

Number 1

Is there any documentation or examples on the latest libraries (apart from the one on the web site)? And I mean for the calls to the accounting parts using async libs etc.

Number 2

Our internal app is quite large and although is now using asp core 3.1 it has lots of legacy code and specifically controllers that are not async like this:

public ActionResult PurchaseAfterUpdate(string formName, string alertName, string formContents, string controlID, string controlValue)

All the Xero library functions are async so it is impossible to run these in any of these controllers. We have some 500+ controllers, 100 + views so as you can see there is no chance of re-engineering.

An example: the purchase orders part of our app has two Xero buttons ("Post to Xero" and now "Login to Xero" for oauth 2) and I need to disable the first if the token is not current. But we can't do that as it only has async methods and the call to this controller is sync. (I know there are ways to do this but it is string and masking tape and totally "yeuch").

Number 3

We need to be able to post a purchase invoice to Xero (this all works in oauth 1 by the way) and thus need a mechanism for:

a - checking for the existence of contact and creating one if not
b - creating or updating a purchase invoice

The example that works on this uses a very old version of the libs and either a) we have to use v old libs or b) we have to figure out how to do this ourselves (the coders have spent some 2-3 days trying so far!) as there is no documentation (or if there is they can't find it).

If you can at least point us to mechanisms for the above it would be a help.

Many thanks


Alec Sanderson