Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > API Authentication >

Custom connections for organizations not in AU, NZ or UK

Started by Joan Lledó -   in API Authentication


I have a project which is integrated with Xero through a private app, and the only way we have to migrate to oauth2 and keep the same functionality is by using custom connections, but our organization is not in AU, NZ or UK.

Will custom connections be available for other countries before private apps stop working?
Will we have the enough time to migrate our apps before private apps stop working?

Hi Joan - thanks for your post.

While we plan on eventually supporting Custom Connections in all regions, complexities in taxes and billing means it won't be available before the deprecation on OAuth 1.0a.

Unfortunately there are multiple reasons (e.g. deprecation of underlying technologies) why we're not able to extend the deprecation of OAuth 1.0a any further than we already have.

We appreciate this makes the migration to OAuth 2.0 more difficult, it is still possible to integrate with the OAuth 2.0 code flow even if your app doesn't have a UI.


Dan Young (Xero Staff)  

Hi Dan

I am from the same organization as Joan.

We originally moved to Xero because of the promise of a direct integration with our bank which never materialized and now our application will be switched off because we are based in the EU.

This is a really poor way to treat customers who are not in AUS, NZ or UK.

Can this not be extended to the end of the year ?



Nicky Morrogh  

Hi Dan,

I have a complete machine-to-machine integration with no human intervention running as background jobs in servers. Now you put me in a situation where I have to figure out a way to migrate this to a new backend with human intervention. I'll have background jobs which should be totally automated failing unless I introduce my credentials manually... and have it before the end of September, when we have other priorities. And, if you eventually make custom connections available for us (which I don't know because I have to believe you), then I'll have to migrate it again to come back to what we really need which is no human intervention.

Honestly, it's hard yo understand the decisions Xero is taking about this, you can't just drop a service you're offering and abandon clients with no alternative.

Joan Lledó  

Hi there,

We have two companies in the UK and in the US, where we use Xero and the same codebase using OAuth 1.0a and a M2M private integration. How do we deal with that if this is not available in the US? You ask us to migrate a complete integration to a new API in less than 3 months (?), which is not yet available in both regions?


Vincent G.  

It's not impossible to get machine-to-machine connections working with OAuth2.0 without user interaction. I use XOAuth to get the initial access token and refresh token, and then my Service code refreshes it as required. There's a video on the Youtube channel that shows it step-by-step.

I was taken aback when the OAuth1.0 connection was deprecated virtually the day after mine went live, but that was back in 2019. The initial deadline for migrating to OAuth2 was quite short, and it was useful for me that it was extended. But it's not really fair to talk about having three months to migrate when you've already had 15.

Mike Edwards  

I think it's fair to about a less 3-month migration, Xero's communication was to wait for an official solution for M2M. They should have announced beforehand that this solution wouldn't be available everywhere, we would have used the hacky way before instead of now having to rush things during the Summer.

Vincent G.