Limit what can be queried through API

Started by Edward Monson in API Authentication

My organization is planning to build an app that will allow our employees to see reports. Is there a way to limit the developer of this app to only access the report API endpoints?

Firstly, you do not need to give your developer any access to Xero; you or one of your users with standard or advisor role can make the connection without the need for the developer to access your Xero directly.

The data an app can access is limited by the scopes the developer includes in the authorisation link you click to connect the app to Xero.

After you click to connect to Xero and enter your login details, you are shown a list of what the app will be able to access, so if the developer has added more scopes than you are happy with, you can choose not to connect and can ask them to remove some scopes.

Having said that, the reports that can be seen with the reports scope are limited to:
1099 Report
Aged Payables By Contact
Aged Receivables By Contact
Balance Sheet
Bank Summary
BAS Report
Budget Summary
Executive Summary
GST Report
Profit And Loss
Trial Balance
Any other report would need to be built from other data by the developer and so they would need more access.

Sally C (Community Manager)
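
One way to check the scopes in an authorisation link before anyone clicks it, as an added example that is not part of the original thread and not Xero's own code. The authorisation URL, the scope names and the rule that an `accounting.*` scope without `.read` is write-capable are assumptions to confirm against Xero's current scope documentation; the client id, redirect URI and state are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Reviewer's allowlist for a reports-only app. Scope names are assumptions
# based on Xero's OAuth 2.0 naming; confirm them in the current scope docs.
ALLOWED_SCOPES = frozenset({"offline_access", "accounting.reports.read"})


def requested_scopes(auth_url):
    """Return the set of scopes an OAuth 2.0 authorisation link asks for."""
    values = parse_qs(urlsplit(auth_url).query).get("scope", [])
    if len(values) > 1:
        # A repeated parameter can be read differently by different parsers.
        raise ValueError("scope parameter appears more than once")
    # parse_qs has already decoded %20 and '+' into spaces.
    return set(values[0].split()) if values else set()


def audit_link(auth_url, allowed=ALLOWED_SCOPES):
    """Compare the link's scopes with the allowlist before anyone connects."""
    scopes = requested_scopes(auth_url)
    excess = sorted(scopes - allowed)
    # Assumption: an accounting.* scope without the .read suffix can also write.
    writable = sorted(s for s in scopes
                      if s.startswith("accounting.") and not s.endswith(".read"))
    return {"requested": sorted(scopes), "excess": excess,
            "write_capable": writable, "ok": bool(scopes) and not excess}


# Constructed sample links (placeholder client id, redirect URI and state).
BASE = ("https://login.xero.com/identity/connect/authorize?response_type=code"
        "&client_id=EXAMPLE_CLIENT_ID"
        "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback&state=EXAMPLE_STATE")
REPORTS_ONLY = BASE + "&scope=offline_access%20accounting.reports.read"
OVER_SCOPED = BASE + ("&scope=offline_access+accounting.reports.read"
                      "+accounting.transactions+accounting.contacts.read")

if __name__ == "__main__":
    for name, link in (("reports only", REPORTS_ONLY), ("over-scoped", OVER_SCOPED)):
        result = audit_link(link)
        print(name, "->", "OK" if result["ok"] else "REJECT", result["excess"])
```

A link with no scope parameter at all is reported as not OK rather than silently passing.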