Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > Add-ons >

Xero add-on application types - how not to drive the end user crazy with login requests?

Started by Lachlan Dot -   in Add-ons

I'm a software developer who has discovered Xero through the payroll procedures of my latest employer. I'm interested in creating and selling a third-party Xero add-on, but I have concerns around the Xero API's login process and so wanted to better understand it. I'd be grateful if someone at Xero could respond.

Background - the sort of app I want to create:

I want to write an add-on that would run on the end-user's computer, where it would send information to Xero whenever software on the user's computer triggered it to do so. E.g. when the user enters a new sales order into their sales order system, information about the order would be sent to Xero by my add-in.

I want to write the add-in as a commercial product that can be sold to anyone interested i.e. its not tied to any particular Xero account. Customers would buy it, install it, and want it to then send information from their computer to their Xero account.

Question - how does my add-on connect to Xero without having to bug the user to log in every time it connects?

The user should have the option to need to log in every time, and the user should certainly have to supply their login credentials at least once before the add-on can connect to their Xero. But what about the scenario where the user wants to log in once only, then have the add-on remeber login details or similar such that the user doesn't then have to re-enter their login details next time the add-on sends some data to their Xero.

In the Xero Developer documentation there is discussion around private vs public vs partner apps. From what I understand, the add-on I want to create is not a private appp, and so therefore must be a public or partner app. But the documentation goes on to say that public apps need a new login (token) every 30 mins, and partner ones also similarly need a new login if they don't stay constantly connected to Xero.

Am I misunderstanding things (e.g. is there some other documentation that applies to add-ons of the sort I am describing) or is there no way to write an add-on that won't constantly nag the user to log in? I think I must be misunderstanding something, as this would indicate to me that its not possible to automaticallly integarte e.g. inhouse sales/crm systems with Xero.


You are correct that the application you are building sounds like an 'add-on' or app rather than a private integration. The way it works is we have tiers for this. Public and Partner. They are the same API but Partner allows you to programatically renew expiring tokens using private keys and signing certificates. The Partner type is available by application only to apps that we have certified because acquiring those keys is associated with certification, meaning we list the app on our marketplace, so as you can imagine we have standards that we ensure they meet. Generally apps are built using the public API first and then once users are using it and it's been tested thoroughly and all the beta teething issues have been ironed out, you apply to get certification or partner status. In summary - go ahead and build your app using the public keys, beta test it and then apply to get partner keys.

Rebecca Martin (Xero Staff)  

Hi Rebecca, just to clarify. Lachlan wrote "I want to write an add-on that would run on the end-user's computer". Is it possible to get a partner status with a desktop app or does it need to be web based? Or does that not matter?

Bjoern Krollner