Xero Developer Community

There is a daily limit of 1000 API calls that a provider can make against a particular Xero organisation in a rolling 24 hour period. If you exceed this rate limit you will receive a HTTP 401 response with the message “oauth_problem=rate%20limit%20exceeded&oauth_problem_advice=please%20wait%20before%20retrying%20the%20xero%20api” in the http response body.

In addition to the daily limit, each OAuth access token can be used up to 60 times for each 60 second period. If you exceed this rate, the API will return HTTP 401 (unauthorized) with the message “oauth_problem=rate limit exceeded” in the http response body.

Catherine Walker (Community Manager)  

These limits can easily be exceeded when coding using unit & integration tests ... is it possible to get developer accounts which can exceed or extend these limits?

Alain Moran  

I think it is very reasonable for Xero to have this limit. It must really level out their API server load. I'm glad that I can rely on it being available and not bogged down by some other organization's script-gone-wild. Throwing a sleep(1) in my PHP after every API request is a pretty reasonable compromise.

Mark Ackerman  

@MarkAckermann: sleep(1) is certainly reasonable, but would mean you can do 20.000 - 30.000 requests a day. Xero allows only 1.000.

Maxmillian Dornseif (Cyberlogi)  

To clarify regarding the Usage Limit, a Get Invoices where Status = AUTHORISED (like with example 2 http://blog.xero.com/developer/api/invoices/ at the bottom of the page) is counted as 1 API call. Correct? Or is this 2 because 2 invoices are returned? Thanks.

Antony Thorpe  

@Antony - correct - that's just a single API call (i.e. 1 GET request)

Tony Rule (Xero Staff)  

OK, so setting up a company to have all their clients and other information via the API is greatly limited. I have a client I'm trying to set up, but the API calls will be over the 1000, and I have noticed that the post new client adds the client into XERO but then does not return the correct codes, thus causing the "Sync" to fail.

Now I'm not sure if the SYNC bug is caused by the API call throttling – max 60 calls per minute per API provider.

Note both errors send the same error notification, therefore not giving the user the correct cause of the error.

What happens on payroll day if the API has been used by a different user to update? Now the debits and credits cannot be entered, thus causing the company to not pay their employees.

Is there any way around this issue if it does occur?

Michael Cole  
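
An added example (not from any poster in this thread or from Xero): a client-side budget for both limits quoted at the top of the thread, plus a check of the 401 body that separates throttling from a genuine OAuth failure, since the post above notes the two look alike to the user. The names `DualWindowLimiter` and `classify_401` are hypothetical.

```python
import time
from collections import deque
from urllib.parse import parse_qs

# Limits as stated at the top of this thread.
MINUTE_LIMIT, MINUTE_WINDOW = 60, 60
DAILY_LIMIT, DAILY_WINDOW = 1000, 24 * 60 * 60


class DualWindowLimiter:
    """Client-side sliding-window budget for both limits (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.calls = deque()  # send times of calls made in the last 24 hours

    def wait_needed(self):
        """Return (seconds_to_wait, limit_name); (0.0, None) if a call may go now."""
        now = self.clock()
        # Drop calls that have left the rolling 24 hour window.
        while self.calls and now - self.calls[0] >= DAILY_WINDOW:
            self.calls.popleft()
        if len(self.calls) >= DAILY_LIMIT:
            return self.calls[0] + DAILY_WINDOW - now, "daily"
        # The 60th most recent call decides whether the minute window is full.
        if len(self.calls) >= MINUTE_LIMIT:
            oldest = self.calls[-MINUTE_LIMIT]
            if now - oldest < MINUTE_WINDOW:
                return oldest + MINUTE_WINDOW - now, "minute"
        return 0.0, None

    def record(self):
        """Call once for every request actually sent."""
        self.calls.append(self.clock())


def classify_401(body):
    """Separate throttling from a genuine OAuth failure using the 401 body."""
    fields = parse_qs(body)  # parse_qs also decodes %20 to spaces
    problem = fields.get("oauth_problem", [""])[0].lower()
    if problem == "rate limit exceeded":
        return "rate_limited"  # back off and retry later; the token is still valid
    return "auth_failure"      # anything else is treated as a real auth problem
```

Logging the limit name returned by `wait_needed()` alongside the classified 401 tells an operator which budget ran out, something the response status alone does not show.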

Hello - is there any way more calls can be purchased? - Thank you!

Rob Holmes  

It defied all logic that Xero imposed such a hard limit on API calls. @mark suggests there is a good reason for it, but the nature of scalable cloud computer architectures mitigates such "bottleneck" concerns.

As it stands it is way too risky for us to continue with Xero. It's unbelievable they are so short-sighted as to force companies to jump ship once they grow beyond these needless self-imposed limitations.

Max Hodges  

Hi all,

Maybe my programming logic is wrong, but I can see me very easily reaching the 1000 calls/day. I want to create a draft invoice (if one doesn't already exist), and add a line item to it (daily), when a customer orders a product. Then, periodically (monthly), I can approve the draft invoice and send it to the customer.

So I have to query if there are any draft invoices for the customer (call count=1), get that invoice (so I can get the existing line items - call count=2) and then append a line item (call count=3). Unless there is a way to append a line item to an existing invoice that I haven't found yet (which would leave my call count at 2). This means I can only use 1/3 of my api call limit (or best case, 1/2). Any suggestions? I considered saving the current draft invoice in another database that I could use to save call 1, but that could lead to data inconsistency.

While the limit is somewhat understandable, it (along with several other limitations in the API) makes the system very restrictive.

Darryl Hunter