2

I am migrating to Xero and want to set an invoicing process to run once a month at a specific time using a cron job, I can get the cron job to fire and I have set up a php page based on https://github.com/XeroAPI/xero-php-oauth2-app which I can run manually and it works perfectly.

I've also used https://github.com/XeroAPI/xoauth to retrieve the tokens and store them in the keychain, I can see that they are there.

I've got a bit lost where xoauth says "Piping the access_token, id_token and refresh_token to stdout, so you can use them in a script workflow"

I'm hoping someone has done something similar and can point me in the right direction or even better give me an example as I can't find one online.

I assume I am missing a link between the 2 examples which transfers the token values.

When the cron runs I get the following error

'Fatal error: Uncaught BadMethodCallException: Required parameter not passed: "refresh_token" in /Applications/MAMP/htdocs/vendor/league/oauth2-client/src/Tool/RequiredParameterTrait.php:35'

which is not really a surprise as I'm not giving it a refresh_token as far as I can see.

I am using localhost on a Mac as a development environment.

I have seen a number of questions related to this from more experienced developers but no answers.

Thanks Gordon

ruraldev
  • 187
  • 2
  • 13
  • Hey Gordon - video is up, let me know if that gets you sorted: https://www.youtube.com/watch?v=Zcf_64yreVI – SerKnight Apr 23 '20 at 22:30
  • 1
    Extremely helpful, I've decided I was making things more complicated than it needed to be, I've now changed tack and decided the following makes sense: 1. Create Mysql database to hold the connection tokens. 2. Populate it manually to start with using Xoauth. 3. When the page loads each month, refresh the tokens and save new values to the database as well as use them for the API calls. Does that make sense or would you suggest anything else? – ruraldev Apr 24 '20 at 05:22
  • Nailed it! Happy to get you sorted. Feel free to shoot me a message once you’ve got it implemented would love to hear what your scripting. Chris.knight@xero.com – SerKnight Apr 24 '20 at 14:52

1 Answers1

2

thanks for your question. We have gotten this one a lot so I used this as the base for a XeroAPI community-corner video that I will share back here soon that walks through getting access/refresh tokens from xoauth, making api calls, and refreshing to get a new token set.

Answer

What you want to do is after you generate the access token with the xoauth repo. In your PHP script - plug in the access_token & xero-tenant-id (as 2 headers in your api call).

Authorization: "Bearer " + access_token
xero-tenant-id: tenantId

Ensure the API call returns your data. Then create a function in your script that does the following before future API calls

  1. Refreshes for a new token_set
  2. Saves new token_set to a DB or static file
  3. Use that token_set 'access_token' to make your Invoice API call
  4. Repeat step (1-3) at least once every 60 days

NOTE: you will need some kind of persistence to store the continually refreshed token_set.

Hope this clarifies it for you. I will post back the video for an in depth walkthrough asap.

OAuth2.0 Background:

Essentially our move to simplify and standardize our API authentication came with some challenges in how to setup longstanding API connections for use cases that didn’t need to onboard an increasing number of new users. For instance, a lot of small businesses and accounting firms setup custom processes to batch import/export invoices.

The use case often did not have the need for an application user interface, so standing one up just to get a valid access token was a lot of extra work if the integration only needed to connect to single ‘admin’ type user for a specific Xero Organisation.

Community
  • 1
  • 1
SerKnight
  • 2,502
  • 1
  • 16
  • 18
  • 1
    Thanks Christopher, I think I'll wait for the video as that'll make it easier to see where I am going wrong. – ruraldev Apr 17 '20 at 04:14
  • Does this mean I can replicate my current method of operation (a Windows Service that interacts unattended between my customers Point of Sale system and Xero) which runs as a Windows Service? A private app for a single organisation. – droopsnoot Apr 17 '20 at 10:37
  • @Droopsnoot - yes! Highly recommend to move to OAuth2.0. Depending on your architecture you might need to leverage PKCE https://developer.xero.com/documentation/oauth2/pkce-flow - email us at api@xero.com and we can guide you to the right solution – SerKnight Apr 17 '20 at 17:06
  • OK. I've been looking at sample apps on the developer site, but nothing seems to be letting me work entirely in the background as I do now. My lack of .net core (and c#) knowledge just makes the whole thing look very difficult. – droopsnoot Apr 17 '20 at 18:40
  • @droopsnoot - you will first need to go through the auth flow to obtain a valid access_token and refresh token.. From there you can 'work entirely in the background' as long as you have the script refresh the access_token for a new one before each run. Video should be posted on https://www.youtube.com/channel/UC7DA_vntKKChsenzpL7QWPg soon/ – SerKnight Apr 20 '20 at 21:30
  • OK, so there is still a need for a foreground app to handle the user logging in. I figured that was the case. It's a pity as it adds another level of complexity to things. It's a struggle explaining to my customer why I need to bill them for 'x' hours to rewrite something that already works perfectly well. – droopsnoot Apr 21 '20 at 08:47
  • If it’s for a single ( or manageable amount ) customer you can use the CLI tool to get their tokens. You then only need to handle refreshing of the token in your backend process. – SerKnight Apr 21 '20 at 14:25
  • 1
    Thanks for the video Christopher, it highlighted to me that I was making the process overly complicated by using https://github.com/XeroAPI/xero-php-oauth2-app as a base for the project, far simpler if I just write the code in a few pages and store the tokens in a database. – ruraldev Apr 23 '20 at 20:28