API Overview

The Xero API v2 uses a RESTful approach. Our API endpoints use an easy-to-understand XML format, making it quick and easy to integrate your application with Xero.

We use OAuth (v1.0a) for authentication and support the following scenarios:

Public applications – use the standard 3-legged OAuth process, where a user can authorise your application to have access to their Xero organisation. Public applications can be either web based or desktop/mobile installed. Access tokens expire after 30 minutes by default.

Partner applications (coming soon) – are public applications that have been upgraded to support long-term access tokens for use with single-instance, multi-tenanted web applications. Apply to become a Xero Network partner to have your application upgraded.

Private applications – use 2-legged OAuth and bypass the user authorization workflow in the standard OAuth process. Private applications are linked to a single Xero organisation (chosen from a list of organisations you have standard user rights to). With this approach access tokens don’t expire, so it works well for unattended applications that push or sync data with Xero periodically, e.g. creating invoices for billing each night.

A Xero user can revoke access to any application from the Xero Network settings screen inside the Xero application (Settings > General Settings > Xero Network).

We suggest you follow our getting started guide for developers to get up and running with our API.