Xero Developer Community

oauth client credential flow

Started by Jean Holland -   in API Authentication

Hi All,

Hope everyone is doing well. We are trying to call the Xero API from our API using the client credential flow.
As it's server-to-server communication, there would be no user interaction needed.
But the Xero API needs an auth code even for the client credential flow.
Can you please help resolve this issue?

Hi Jean

An initial authentication is needed to ensure that user consent is given to access the Xero data.

You are able to generate an authentication link in Postman and then a user with standard or adviser role in the Xero organisation can click this link and authenticate.

If you've included the offline_access scope in your Authentication, you will then be given access and refresh tokens in Postman. Refresh Tokens can be used to refresh Access Tokens, without user intervention.

You can save these as variables where they can be accessed by your server.

Refresh Tokens are single use, and will last for 60 days or until used. On a Refresh Call you will receive both a new Access Token and Refresh Token, allowing you to use the new Refresh Token on your next Refresh Call. In case a response is lost, Refresh Tokens also have a 30 minute grace period where the same token can be used as many times as you require in the first 30 minutes after their first use. The only time the user would need to interact would be if your app was to lose track of the tokens. In this scenario the web based authentication system would be re-used.

It is also worth noting that we now have Custom Connections available for NZ, AU and UK Organisations. This is a paid app type that utilises the client credentials grant type offering a more streamlined integration, typically for machine to machine connections or smaller bespoke apps. Custom Connections also use a dedicated consent flow via email to keep customers in full control of their data.

For more information on both the OAuth 2.0 Code and Custom Connection flows, please see the links below.

Xero Developer:
The OAuth Flow
Custom Connections

Sally C (Community Manager)
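
The refresh token rules described in the reply above (single use, a 30 minute grace period after first use, a 60 day lifetime), as an added example that is not part of the original thread and not Xero's code. It shows a server-side rotation routine that stores each new pair atomically and retries with the same refresh token when a response is lost. `SimulatedTokenServer`, the `redeem` callable, the token names and the token file layout are assumptions made for illustration.

```python
import json, os, tempfile, time

GRACE_SECONDS = 30 * 60             # reuse window after first use (from the reply)
REFRESH_LIFETIME = 60 * 24 * 3600   # unused refresh token lifetime (from the reply)

class ReauthRequired(Exception):
    """Tokens lost, rejected or expired: a user must repeat the web consent flow."""

class SimulatedTokenServer:
    """Constructed stand-in for the token endpoint; models only the rotation rules."""
    def __init__(self, first_token, clock):
        self.clock, self.n, self.issued, self.first_use = clock, 0, {first_token}, {}
    def redeem(self, refresh_token):
        if refresh_token not in self.issued:
            raise PermissionError("invalid_grant")
        first_use = self.first_use.setdefault(refresh_token, self.clock())
        if self.clock() - first_use > GRACE_SECONDS:
            raise PermissionError("invalid_grant")   # grace window is over
        self.n += 1
        self.issued.add(f"rt-{self.n}")
        return {"access_token": f"at-{self.n}", "refresh_token": f"rt-{self.n}"}

def save_tokens(path, tokens):
    """Atomic replace; mkstemp creates the temp file with mode 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as f:
        json.dump(tokens, f)
    os.replace(tmp, path)

def refresh(path, redeem, clock=time.time, attempts=3):
    """Rotate the stored pair; `redeem` is a hypothetical transport callable."""
    try:
        with open(path) as f:
            stored = json.load(f)
    except (OSError, ValueError):
        raise ReauthRequired("no usable stored tokens")
    if clock() - stored["issued_at"] > REFRESH_LIFETIME:
        raise ReauthRequired("refresh token older than 60 days")
    for _ in range(attempts):
        try:
            resp = redeem(stored["refresh_token"])
        except ConnectionError:
            continue   # response lost: the same token still works in the grace window
        except PermissionError:
            raise ReauthRequired("refresh token rejected")
        tokens = {**resp, "issued_at": clock()}
        save_tokens(path, tokens)   # persist the new pair before using it
        return tokens
    raise ConnectionError("token endpoint unreachable")
```

In a real integration `redeem` would send the refresh request to the token endpoint, and the token file would sit in a secrets store or a directory readable only by the service account.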