Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > API Authentication >

Retrieve token without prompt authorization

Started by Paulson Niro -   in API Authentication

Hello dev Xero,

We developing Xero Api with Asp Net (C#).
Is it anyway to skip the step without prompt Authorization to the browser when retrieve token?

Thanks
I have not found a way to do this, ideally I would like to do the same thing so you could 'Log in using Xero' via a different identity server, but then do another round trip to get a token back without the user having to click anything again.
 

Adam Tickner  

You have to get the initial refresh token using the browser. Once you have that, your application can retrieve it's own tokens.
 

Mark Chan  

Is there a way token creation via API doesn't require interaction from end-user. We need to retrieve information from our "company" contacts via a batch service that will run nightly or on-demand, of course, we don't want someone to need to enter his/her credentials in the process.
 

James Ralph  

There is no way to get the initial token without user interaction. But once you have that, use the token in your API and it will retrieve subsequent tokens itself without user intervention. The only time you may have to intervene is if you don't retrieve a new token within 60 days as the previous token will expire after that time.

Make sure when you get the initial token, you specify the right "scope" that allows your API to retrieve it's own tokens.
 

Mark Chan  

I have actually written a little sample program to simplify getting the initial tokens. All source code is here so you can check it to see that it's above board:

https://github.com/shagaroo/Xero-OAuth2.0-Token-Generator

You'll have to change the scopes to suit your API but make sure you have the "offline_access" scope so your API can regenerate it's own refresh tokens.
 

Mark Chan  

Thanks for everyone had response to this thread, i have find the solution to store token and there is no way without doing authentication.
 

Paulson Niro