Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > API Authentication >

'Invalid State' on Callback

Started by Mark Carver -   in API Authentication


I have had the authorization working fine for months and yesterday it decided to stop working.

I have reverted back to implement the simple 4 example files authorization.php, storage.php, callback.php and authorisedResource.php. included in the PHP tutorials.

Xero authorises the App and returns to my callback file but then just gives me the Invalid State message ...

I have double checked the client ID and Secret word,
I have used a new App,
I have disconnected the App
I have also left it more than 30 minutes (actually overnight).

Does anyone have any ideas what could be causing this?


The state is a value you pass in the authentication process to let your server know that the request is genuine. It will be your server that is validating the state and so you would need to check that the state that is in the authorization link is what is being expected by the server.

Sally C (Community Manager)