0

I am currently working on extracting data from Xero through their API. My goal is to retrieve data daily without requiring any user interaction, making the standard OAuth 2.0 flow unsuitable for my needs. The most effective solution I have discovered is the custom connector. However, I am only able to employ this method for my UK organization and not for transferring data from my US organization, because currently custom connections are only available for Xero organisations in Australia, New Zealand and the UK.

What is the best Machine-to-Machine solution in this case? Thanks!

Note: I've tried to setup the standard Xero Oauth2 flow but user interaction is always required to do the login and click on "Allow access" button.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
ssmmaarr
  • 3
  • 4

1 Answers1

1

The whole Xero OAuth 2.0 process has been built to allow users to control access to their data and so a human authorizing the connection is integral to this.

When using OAuth 2.0 you will need to use the web based authentication system for the initial connection. However once this has been established and authenticated by a user, if you've included the offline_access scope in your Authentication, your app will benefit from Access and Refresh Tokens. Refresh Tokens can be used to refresh Access Tokens, without user intervention.

Refresh Tokens are single use, and will last for 60 days or until used. On a Refresh Call you will receive both a new Access Token and Refresh Token, allowing you to use the new Refresh Token on your next Refresh Call. In case a response is lost, Refresh Tokens also have a 30 minute grace period where the same token can be used as many times as you require in the first 30 minutes after their first use. The only time the user would need to interact would be if your app was to lose track of the tokens. In this scenario the web based authentication system would be re-used.

sallyhornet
  • 364
  • 2