0

I'm trying to make an OAuth request to the Xero API in JavaScript. The API requires OAuth 1.0a. I want to run the JavaScript on the client's browser, so I would assume I can't use Node.js?

The reason why I want to run it in the client's browser is because it has to run in SharePoint Online which doesn't allow server side code and I prefer not to host a separate app.

I can make the API calls from server side code using C# (did this just to make sure I could call the API correctly) and now I want to make the same calls in JavaScript.

Is it even possible to do this client side? Please share your thoughts as I'm a bit stuck on how to do this.

Høgsdal

1 Answer

2

You can't really do this. It's technically possible, but you'd run into issues with CORS and more importantly it's very insecure.

Because you have to sign your calls with a secret/private key, an entirely client side app basically means handing your secret/private key over to anyone who loads up your app in their browser.

OAuth 2 is on its way (https://xero.uservoice.com/forums/5528-xero-accounting-api/suggestions/2102751-oauth-2-0) which will make these kinds of apps viable.

(Full disclosure: I'm an API dev at Xero)

Steven
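The signing step the answer refers to, as an added example that is not part of the original answer and not Xero's code: OAuth 1.0a request signing per RFC 5849, assuming the HMAC-SHA1 signature method. The only secret input is the key, so any script that can sign must carry it. The secrets, parameter values and `api.example.test` URLs are constructed, and Node's `crypto` module stands in for whatever HMAC routine a browser page would use.

```javascript
// Added example: OAuth 1.0a HMAC-SHA1 signing (RFC 5849), run with Node.js.
const crypto = require("crypto");

// RFC 5849 section 3.6: percent-encode everything except ALPHA, DIGIT, "-", ".", "_", "~".
function pctEncode(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0);

// Section 3.4.1: METHOD & encoded base URL & encoded, sorted parameter string.
function baseString(req) {
  const normalized = Object.entries(req.params)
    .map(([k, v]) => [pctEncode(k), pctEncode(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => `${k}=${v}`)
    .join("&");
  return [req.method.toUpperCase(), pctEncode(req.url), pctEncode(normalized)].join("&");
}

// Section 3.4.2: the HMAC key is "consumerSecret&tokenSecret". Nothing else is secret.
function sign(req, consumerSecret, tokenSecret) {
  const key = `${pctEncode(consumerSecret)}&${pctEncode(tokenSecret)}`;
  return crypto.createHmac("sha1", key).update(baseString(req)).digest("base64");
}

// Server side: recompute with the stored secrets and compare in constant time.
function verify(req, signature, consumerSecret, tokenSecret) {
  const expected = Buffer.from(sign(req, consumerSecret, tokenSecret));
  const given = Buffer.from(String(signature));
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample values (not real credentials or a real endpoint).
const SECRETS = { consumer: "constructed-consumer-secret", token: "constructed-token-secret" };
const sampleRequest = (method, url, extra) => ({
  method, url,
  params: { oauth_consumer_key: "ck", oauth_nonce: "n1", oauth_signature_method: "HMAC-SHA1",
            oauth_timestamp: "1500000000", oauth_token: "tk", ...extra },
});

// A request the page author never wrote still verifies once the secrets are known.
const other = sampleRequest("POST", "https://api.example.test/other", { q: "x" });
console.log(verify(other, sign(other, SECRETS.consumer, SECRETS.token),
                   SECRETS.consumer, SECRETS.token)); // same secrets: accepted
console.log(verify(other, sign(other, "guess", "guess"),
                   SECRETS.consumer, SECRETS.token)); // wrong secrets: rejected
```

Everything except the key (method, URL, nonce, timestamp, consumer key, token) travels in the request itself, which is why the signing has to happen somewhere the page's visitors cannot read.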