Experience
Sign-up
On initial signup, you have to create a fake company/business before you can access the Demo Company.
What is Xero
Business, Accounting, Payroll
Demo Notes
Technical Notes
- Developer Site - https://developer.xero.com/
- API Spec - https://github.com/XeroAPI/Xero-OpenAPI
Rate Limits
See here
There are limits to the number of API calls that your application can make against a particular tenant (organisation, account or practice):
- Concurrent Limit: 5 calls in progress at one time
- Minute Limit: 60 calls per minute
- Daily Limit: 5000 calls per day
There is also a limit to the number of API calls your app can make per minute across all tenants.
- App Minute Limit: 10,000 calls per minute
Each API response you receive will include the X-DayLimit-Remaining, X-MinLimit-Remaining and X-AppMinLimit-Remaining headers telling you the number of calls remaining against each limit.
Exceeding a rate limit will result in an HTTP 429 (too many requests) response. It will include an X-Rate-Limit-Problem header telling you which limit you have reached.
If you have exceeded the minute or daily limit you will also receive a Retry-After HTTP header that tells you how many seconds to wait before making another request. Requests are counted against a fixed window which will reset at different times for each tenant. It is important to use the Retry-After header to know when you can start making calls again.
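An added example (not Xero's code and not part of the original notes) of how an integration could act on these headers: back off on a 429 using Retry-After, and pace itself before the minute limit is hit. The function names, the thresholds, the fallback wait and the sample header values are assumptions made for illustration.

```python
# Added example: decide how long to pause after one API response,
# using only the headers named in the notes above.
MINUTE_FLOOR = 5        # assumption: start pacing when this few minute calls remain
FALLBACK_WAIT = 2.0     # assumption: pause when a 429 has no usable Retry-After
MAX_WAIT = 24 * 3600.0  # assumption: never sleep longer than a day on one header

def _header(headers, name):
    """HTTP header names are case-insensitive; look one up that way."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value.strip()
    return None

def _as_int(value):
    """Parse a non-negative integer header value, or None if missing/malformed."""
    return int(value) if value is not None and value.isdecimal() else None

def next_action(status, headers):
    """Return (action, wait_seconds, reason) for one API response."""
    if status == 429:
        problem = _header(headers, "X-Rate-Limit-Problem") or "unknown"
        retry_after = _as_int(_header(headers, "Retry-After"))
        if retry_after is None:
            # Retry-After is only promised for the minute and daily limits.
            return ("retry", FALLBACK_WAIT, problem)
        return ("retry", min(float(retry_after), MAX_WAIT), problem)
    day = _as_int(_header(headers, "X-DayLimit-Remaining"))
    low = _as_int(_header(headers, "X-MinLimit-Remaining"))
    if day == 0:
        return ("stop", 0.0, "daily limit exhausted")
    if low is not None and low <= MINUTE_FLOOR:
        # The fixed window resets at an unknown time per tenant, so spread
        # the remaining calls over a full minute.
        return ("proceed", 60.0 / max(low, 1), "minute limit nearly exhausted")
    return ("proceed", 0.0, "ok")

# Constructed sample responses; header values are made up for illustration.
SAMPLES = [
    (200, {"X-DayLimit-Remaining": "4990", "X-MinLimit-Remaining": "58"}),
    (200, {"x-daylimit-remaining": "4000", "x-minlimit-remaining": "3"}),
    (429, {"X-Rate-Limit-Problem": "minute", "Retry-After": "17"}),
    (429, {"X-Rate-Limit-Problem": "concurrent"}),
]

if __name__ == "__main__":
    for status, headers in SAMPLES:
        print(status, next_action(status, headers))
```
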
Auth
https://developer.xero.com/documentation/guides/oauth2/overview/
Note: Something about Certification and uncertified limits
- Code Flow - free. Requires user interaction
- PKCE - free. Requires user interaction
- Custom Connection - AU$10/mo
Code Flow
The standard flow is the most well known OAuth 2.0 flow and typically used by web server applications. It requires your app to securely use and store a client secret.
- Scopes are defined in the OAuth request
Not the right auth type, requires a user to consent.
We could store this code and use it globally, but the access_token has a 30 minute life and the refresh_token has a 60 day life.
Custom Connection
Xero’s Custom Connections leverage the client_credentials grant type and are designed to make it easier to build bespoke integrations. Custom connections require less technical knowledge to build because Xero provides the authorisation flow. This means they’re also quicker to integrate and are easier to manage over time.
- Can select the user to perform actions as
- Select scopes in advance
- DEV - Sends out an authorisation email (since it will perform instructions on behalf of a user)
Webhooks
On Payment Entered
Create App
Invoice
XERO allows you to enter a payment
Technical Integration
Requirements
Payroll
- Link employees from SYS to Xero employees
Invoices
- Should invoice copies be stored locally?
- SYS request XERO to generate invoice
- SYS mark XERO invoice as paid (i.e. manual)
- XERO to notify SYS of payment
- or SYS polls XERO