Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > Partner Program >


Started by Adrian Hooper -   in Partner Program

Do Xero happen to have some kind of a Sandbox server that has not been documented by any chance? I realise that it provides demo companies, but this is not particularly helpful when I am still required to refresh the access token every 30 minutes!

I understand this in a production environment, but for development purposes, I simply cannot understand the reasoning for this. It is infuriating trying to develop a complicated integration with Xero where every 30 minutes I have an error telling me my token has expired, and having to reconnect all the time. Whilst it might not be something that is particularly time consuming, it is frustrating and does waste time.

Now I know that I can apply to the partner programme to get this restriction lifted, but that's my next issue - we have already applied. Initially, it took over 4 weeks to receive a response, but sadly that response was not one granting us full access as it did not show everything that was required to get the approval. We responded to that with further information as requested, and that was over 2 weeks ago and we have heard nothing.

Now it's entirely possible that this email will come back asking for yet more information, and if we have to wait 4 weeks for every response, then it is slowing down our development, and at this rate we will be ready to go to production but won't be able to.

PLEASE can Xero introduce a sandbox, where there are no restrictions, or at the very least far more generous ones (even 24 hour expirations would be better!). We cannot be the only people who have faced this issue.
Sorry for the slow reply here. We detail the options for test organisations available here.

We have three app types for using our API, Private, Public and Partner.

Private provides a permanent connection to a single Xero organisation. Public and Partner allow you to connect to unlimited Xero organisations, both use a 30 minute token. The difference being that the Public token cannot be renewed, a new token is required by starting the oauth flow, the Partner token can be renewed programmatically. We issue the Partner type following a review of an integration running on the Public type; by its nature this process will result in some feedback and further review, we have a checklist of the common things we look for as part of our review here.

Both Private and Public are free and open to use, the common approach is to use each as required depending on what stage of development you're at. The Private type providing a single permanent connection is useful for developing the business logic of an integration because no token management is required. Switching to the Public type is useful at the point you would need to develop the oauth flow and token management prior to submitting your integration for review.


James Coleman (Community Manager)  

Can you please explain dev process when all logic is happening in background depending on various events. How we can develop&test token renewal, webhooks and API in general ? If private app is indefinite and public does not support token renewal/webhooks. Is there some trial access to partner app API or private app with 3 legged auth with token renewal ?

Tomas Radvansky