0

I am building an application with Xero apis.

I have implemented the OAuth flow successfully and I am able to CRUD invoices for a given tenant.

The issue I am facing is implementing the webhook and how I am meant to GET data from my server.

Typically using OAuth the request is on behalf of a specific user where my server simply manages the access / refresh tokens for each request; But now Xero is posting an event directly to my server how am I meant to (in an authorised manner) fetch the relevant resources from Xero and update my DB accordingly?

Do I just grab any user for that tenant and make the request on behalf of them or is there some method that I have completely missed that allows me to make authorised server to server calls?

Jim
  • 570
  • 5
  • 15

1 Answers1

1

You can use a valid access token from any user for that tenant to make the GET calls to the relevant endpoint for the resource eg invoice or contact

sallyhornet
  • 364
  • 2
  • This leads me to believe that I don't really need to store each users encrypted OAuth session / refresh keys, and I really only just need to store 1 per tenant because it doesn't matter who did want (my use case anyway) – Jim Jun 03 '23 at 08:46