Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > Getting Started >

R Connection to XERO via API

Started by Clancy Birrell -   in Getting Started


I'm attempting to use the httr package to connect to xero via the api.
I'm having a lot of trouble and it seems this is because of the way that the authentication works.
I have been successful connecting to workflowmax via the api and it is VERY straight forward however the xero api seems to be missing something.
Also I've had some success with the RODBC connector for the demo company and having setup the driver from CData. BUT cannot get it to work on a real company within Xero.
please HELP!
All the best,
Hi Clancy,
Disclaimer: I have no experience in R, but I can try to point you in a helpful direction.
Xero API uses OAuth1.0a authentication. The algorithm used to sign your request varies depending on your app type.
- private apps use RSA-SHA1
- public apps use HMAC-SHA1
A quick look at the httr docs suggests that oauth_service_token might be what you're looking for.

If that doesn't help, feel free to provide more information so that we can understand your question better.


Amy Martin (Xero Staff)  

Thanks for that Amy.
I'm unsure of the endpoint?
Also the secret is this my rsa_key or my consumer key?
and the scope is this the xero api url that i'm attempting to query?
PS It's a private app

Clancy Birrell  

Hi Clancy,

For private apps, you do not need to call any authentication-specific endpoints (e.g. /authorise). Simply sign your request and send it to the API endpoint you're interested in (e.g. /invoices). Your consumer key also functions as your access token. The secret is your RSA private key. The Xero API does not currently support the concept of scopes, so the "scope" field should be left blank.

Also, I'm not sure about the oauth_service_token since it says it's for oauth2. I'd try the oauth1.0_token instead (or as well).

Let me know how you get on.

Amy Martin (Xero Staff)  

hmm no dice.
oauth1.0_token(endpoint= oauth_endpoint(authorize='https://api.xero.com/oauth/Authorize', access = 'https://api.xero.com/oauth/AccessToken'),
app = oauth_app('WLPExtracts', key = 'x'),
permission = NULL,
private_key = rsa_key)

Using secret stored in environment variable WLPEXTRACTS_CONSUMER_SECRET
Error in handle_url(handle, url, ...) :
Must specify at least one of url or handle

Clancy Birrell  

Hi Clancy
Did you find solution for this? as I am at the same point.
If you have the R code it would make my life a lot easier.
Thanks In advance

Robert Tilsley  

nope. Had to use the python connector via reticulate package....which is okay but I'd prefer to exploit the xero api directly without the python package obfuscations.

Clancy Birrell  

Thanks, At least I know it is now possible. Just another bit of code to work out.

Robert Tilsley  

Hi all. Just checking if anyone managed to setup an all R solution yet?

If not, do you have a code example of setting up an API connection with reticulate Clancy? Are you using the pyxero library?


frances campbell  

If you have a Cdata connection working successfully with a DSN on your ODBC then use this code in R

conn <- odbcConnect("CDataXeroSource")
data <- sqlQuery(conn, "SELECT * FROM TrialBalance", believeNRows=FALSE, rows_at_time=1)

For WorkflowMax I use an HTTP connection with the Keys and Passwords in the call.

I have both working

Robert Tilsley