Xero access token. If the token needs refreshing, call xero_creds.
Xero access token Refreshes a Xero OAuth2 access token. When that happens, your application can run this code to refresh the access token, and then retry the request using the new access token. However the refresh token is only valid for 30 mins. Authorization: "Bearer " + access_token. Accounting A great answer addresses the original question, and might include examples or links to more info. refresh() and store the resulting token again so it can be (PowerShell) Refresh a Xero OAuth2 Access Token. All API requests go through Xero's OAuth2. Once you get refresh_token using offline_access scope, you will use this token to get access token. I can delete it on my end in the DB of course and it's In API Support, some of the trickiest questions we get are around how to authenticate to the Xero API. You can use the code below by creating 4 separate PHP files and securely replacing your CLIENT_ID, CLIENT_SECRET and REDIRECT_URI. Join a vibrant community of developers whose integrations with Xero are shaping the future of small businesses globally An archived conversation from Xero Developer Community Forums from Thu, 16 Jan 2014 21:14:17 I don't see an endpoint anywhere in the docs to revoke an access token. To do this you will need to make a POST request to our token endpoint: https: //identity. We use OAuth 1. RequestBody from AddParameter and it worked. We include identity models for Xero tokens and tenants along with methods to No, the xero-tenant-id header is not required. Community; Sign to re-authenticate with Xero unless the user has granted offline_access permissions in which case you can refresh the access token on their behalf ensuring no further re-authentication required Refreshing access tokens Access tokens expire after 30 minutes. If you are making an API call for the first time: Sets - But I can't find anyway to get access token without involving a user to login to my Xero account And I can't find any documents about Authentication and Authorization API (which I can past on my account's credential and company ID to get access token and xero code or something like that) - Can someone help me with this problem, thanks! A great answer addresses the original question, and might include examples or links to more info. oAuth 2. 34. 0? 1. 1. 0 authentication. 0 authorisation flow correctly, you will have the access_token and id_token (and refresh token? if offline_access scope was used). Remember when an organisation connects to you and you begin to pull data, you need to anticipate they may have thousands of records to pull. Docs. Log in or get support about using Xero. Store the access token and selected tenant ID against the user's account for future use. that will support the client_credential grant and long lived access tokens. Peter Miller. Xero request access token is timing out. You’re now the proud owner of an OAuth 2 token_set! Now we need to move the new token_set to our production environment and associate it with the user who initially authorized OAuth 2. Make time tracking, scheduling and job management a breeze. The authentication process involves several steps to ensure secure access to the API. This has been occurring almost once a week Authenticating with the Xero API. All API requests go through Xero's For each call my grants are"openid email profile accounting. It appears to be a bug when a refresh_token is generated before the access_token has expired, the refresh_token does not last. Once the user has gone through the OAuth 2. a single token is for single organization I think. new (provider. Using the access token and the response from the Connections endpoint, the necessary ID can be obtained and the mapping carried out automatically, avoiding manual actions from a user. The sample app does this with two separate routes: Disconnect() and Revoke(). 0 in Postman but the response is always "error": "invalid_client". It’s highly recommended you save the tokens to a global Xero tokens table, and use the xero-user-id as the primary key, to avoid invalidating a token unintentionally. Retrieve the list of tenants (typically Xero organisations), and let the user select one. Onboarding multiple Xero organisations is made easier with the use of Bulk Connections. 0 config. The second layer of security is designed to prevent anyone but you from accessing your account even if they know your password. I use OAuth 2. Accounting software. To refresh your access token you need to POST to the token endpoint: https://identity. Requesting an I have set up Postman as per the help instructions and Xero to get the ClientID and Client Secret. What is a tenant? Xero is a multi Revoking Xero token and disconnecting from Xero. 0 > access_token; Scroll down So if you are reading and writing data to a Xero org on a customer's behalf, they will need to authenticate that connection a single time. This is the request: An archived conversation from Xero Developer Community Forums from Wed, 2 Jun 2021 05:20:39. json file; refresh Xero access token on expiry; allow user to switch between Make your business even better in 2025 by using the Xero App Store to find the tools you need to help save time, grow your business, and stay in control of your cash flow. All Xero access tokens expire after 30 minutes. I can delete it on my end in the DB of course and it's effectively the same, but just Unfortunately, I've run into an issue straight away and I don't have access to enough info from the gem to diagnose further, so I am hoping to get som Gateway. But can someone elaborate on how to setup the access tokens? Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers; Advertising & Talent Reach devs & technologists worldwide about your product, service or employer brand; OverflowAI GenAI features for Teams; OverflowAPI Train & fine-tune LLMs; Labs The future of collective knowledge sharing; About the company A user refers to the Xero user who has authorised the connection between your app and their Xero tenant. You would also need to ensure you have offline_access included in your scopes. 0) for the first time in a couple of years and cannot figure out how to get it to save the token to use in a request like it used to. Do access tokens expire? Yes access tokens expire after 30 minutes but a new access token can be requested (as above) without user interaction. Before using the access token, check if it has expired and refresh it if necessary. Retrieve your client id and client secret, 5. Disconnecting involves removing a single organisation’s connection to an app, whilst revoking removes all the connections from the All API requests go through Xero's OAuth 2. 0 access_tokens & refresh_tokens to programmatically run scripts that connect to Make your business even better in 2025 by using the Xero App Store to find the tools you need to help save time, grow your business, and stay in control of your cash flow. 0 authorisation flow correctly, you will have the access_token and id_token (and Join a vibrant community of developers whose integrations with Xero are shaping the future of small businesses globally An archived conversation from Xero Developer Community Forums from Wed, 16 I'm having issues with API calls to Xero returning invalid grant errors when trying to refresh the access token using the refresh token. At this point i need to re-login and allow/auth the app form Xero. How Xero accounting I am not very keen on modifying my staging and production containers just in order to run a one-off token generation. On the Auth tab, I selected Join a vibrant community of developers whose integrations with Xero are shaping the future of small businesses globally An archived conversation from Xero Developer I don't see an endpoint anywhere in the docs to revoke an access token. Join a vibrant community of developers whose integrations with Xero are shaping the future of small businesses globally An archived conversation from Xero Developer Community Forums from Mon, 18 Oct 2021 23:23:40 This requires us to manually create a new access token and start the process again. 0 Scope. RefreshToken. Time tracking apps. Hope that helps! NH. request_token (oauth_callback: callback_url). Unable to get a connection with Xero SDK with C#. Explore Xero's APIs. We include identity models for Xero tokens and tenants along with methods to The team I manage specializes in coding API integrations between Zoho and third-party finance/commerce suites such as Xero, Shopify, WooCommerce, and eBay; to name but a few. Refreshing an access If implementing external login in Identity Server , after Identity server receive id token/access token from external provider , it will decode the token and get user's claims , sign in user , then create identity server's own tokens and at last return to your client app . These tenants may be organisations or practices. Or you can copy the code below to quickly obtain your new access token, the explaination for each step also available in the code. Disconnecting involves removing a single organisation’s connection to an app, whilst revoking removes all the connections from the // Retrieve a valid xero token var xeroToken = await GetXeroToken (XeroConfiguration xeroConfig); The contents of this method will first retrieve a stored token if exists and check whether it has expired, if it has it will update the stored token value to the refreshed value and return the token: With this extra layer of security, if you separate your access token secret from your private key and other credentials, it will be that much harder for an infiltrator to access Xero data through Hi all, hope you can please help. authorize_url rescue OAuth:: I'm trying to connect Power BI to the Xero API to pull some details. Customize Xero with the Xero App Store. A great answer addresses the original question, and might include examples or links to more info. 2. 0 and it should interact with browser at least once. XERO API Oauth 2. The OAuth 2. We can maintain a valid A great answer addresses the original question, and might include examples or links to more info. decrypt the Access Token, the get User ID, and store 1 pair per unique user id (access+refresh). Refreshing an I am trying to generate Invoices from MS power automate to Xero, I tried multiple ways and at last found a community post suggesting to refresh token every 20 mins. Im confused between "xero-tenant-id"and "id_token" (and tenantId and xero-tenant-id) In short the access_token is the required auth param and the tenant-id, which you can get from the /connections endpoint is what you want to pass as the xero-tenant-id. xero No - I think you should still keep a single OA2 API application (per environment. What are some reasons a developer might choose to build with just an OAuth 2. Use this tool to get Xero access tokens for your Xero Apps that do not have user interfaces e. In Xero, with our sandbox application for API requests, we are able to generate access tokens and refresh tokens, but once access tokens expire, the refresh token flow is executing and refreshing the access token. I created account without verification via auth app on a phone, because with that I wont be able to automate it. We recommend setting up a secure token storage for your production app. Users are redirected back to you with a code, 3. API doc and above statement don't seem to be consistent. Full code for the tutorial can be found in the xero-sso repo and if you create a free Xero demo Access Token Changes. If you are still unable to generate token_sets from sending users through the authorize flow, or are unable to refresh tokens that still have valid (60 day exp) refresh tokens, you can get in touch directly. These need to be set to the Environment Variables, to do this: Highlight the Access Token; Right-click on it; Select Set: OAuth 2. But can someone elaborate on how to setup the access tokens? How to generate an access token in Xero with OAuth 2. An OAuth2 redirect URI setup on the Xero App that points to [host]/auth. Learn about how the Xero authorization flow works and how to get the refresh token from this article. At this stage, I should be presented by Xero's login page asking me to sign into my Xero Account, then ask me to authorize the scopes my app has applied for, then redirect back to my app. Unfortunately they don't support custom url In Xero OAuth 2. I've created a parameter for the Refresh Token, and I can use it in a Power Query to successfully connect to the API, get an Access Token and get the data that I'm interested in. You don't need to decode or manipulate the token at all, and you don't need to verify it - verification happens on the Xero server side. 0, we tie a user to an access token which can have access to several tenants. Get access token and authenticate my app without involving a user to login. A user will connect your app API tokens are vital for authentication and maintaining strong security. Sending the access token in your API call to get info from the Organisation endpoint would If you're using Postman to manually step through the auth flow, here's how you can request an access token : On the Headers tab add the Authorization header with your All API requests go through Xero's OAuth2. I'll submit full details to support. 0 refresh token is associated with the Xero application and used to refresh the access token; the access token expires after 30 minutes. Authorise the connection, 4. As you can see from the diagram, we will need to make a call with base64 encoded client id & client secret, the current access token and the current refresh token to exchange for A postman collection for use with Xero's API and OAuth 2. How to Get Access Token And Refresh Token From Xero Node JSPlease do like share and comment if you like the video please do hit like and if you have any quer Revoking Xero token and disconnecting from Xero. For this reason, you'll need persistent storage for your tokens. Customer login for Xero accounting software. Great to see you trying to seek help. From there, you can make OAuth 2. I'm trying to connect Power BI to the Xero API to pull some details. Is there a way to automate the refresh token update? I realized that the below mentioned link was useful. key, provider. You can then iterate over the tenants and do what you need with each All Xero access tokens expire after 30 minutes. Helps prevent unauthorised access. Modified 1 year, 1 month ago. Xero’s access_tokens are valid for 30 minutes though durations and The Proof Key for Code Exchange (PKCE) flow, Xero tenants, 1. Capture the response from Xero, and obtain an access token. Using the access token and the response from the Connections endpoint, the necessary ID can be obtained and the mapping carried out automatically Customize Xero with the Xero App Store. Json Web Tokens (JWT) claims are pieces of information asserted about a subject. postman_collection. Create the Custom Connection, 2. (atleast the first time). We’ve provided examples in NodeJS, Java, . I'm trying to exchange a verification code for an access token in PHP. Custom Connections, Setting up a Custom Connection, 1. I am also having Offlice_access scope in my calls. Get a new refresh token *and a new access token* (this behaviour does not seem to be documented). Each custom connection can only make calls against one organisation so only the access token is required. Please follow our community guidelines opens in a new tab and be mindful not to share personal information like phone numbers or email addresses as this is a public forum. 0 client and Xero’s API client are decoupled for more flexibility: The OAuth 2. This is understandable. My Refresh token call however is loosing the connected organization even though I am refreshing the token every 20 mins. Jan 2021. Feb 2021. com/connect/token I am trying to generate an access and a refresh token using the new Xero authorization via OAuth 2. 5. Do I need to manage refresh tokens? Xero api signin was just migrated to use OAuth2. Select scopes and the authorising user, 3. PM. If you look in the RFCs there is no requirement to include the client_secret when using a refresh token to get an access_token. It is reccomended that you store this token set JSON in a datastore in relation to the user who has authenticated the Xero API connection. In Xero’s original API, access tokens were tied to the organisation selected by the user in the OAuth flow. If this is RestSharp, the documentation says "If this parameter is set, its value will be sent as the body of the request. xero. If the token needs refreshing, call xero_creds. Xero Developer: Scopes. . We now have the last remaining tokens needed to access the Xero API. Make time tracking, Join a vibrant community of developers whose integrations with Xero are shaping the future of small businesses globally Hi Matt, I believe it is, however to be exact, I have a file that contains client_id:secret, I generate the encoding, using base64 utility, I can confirm that it is the right data by decoding it. According to the Xero API documentation, the offline_access scope is necessary to retrieve a refresh token. Refer to here to get the API from Xero accounting software and . Invaild Grant issue in Xero OAuth2. On the Auth tab, I selected Customer login for Xero accounting software. Xero API 401 unauthorized when retrieving Accounts API endpoint. App developers also need to allow users to disconnect from Xero and revoke their connection too. Your app can refresh an access token without user interaction by using a refresh token. transactions accounting. 13 replies. Follow the steps in the Xero OAuth Documentation to obtain your access tokens. If you are making an API call for the first time: Sets In addition, the offline_access scope tells the API return the refresh_token which are used to refresh access_tokens prior to each usage. 7. Each time you want to call the Xero API, you will need to access the previously generated token set, It looks like you need to specify the grant_type when requesting the new access token. Only one RequestBody parameter is accepted - the first one. How Xero accounting Scopes are additive, Offline access, User scopes, OpenID Connect, Organisation scopes, Accounting API, Payroll API Australia, Payroll API UK, Payroll API New Zealand, Files API, Assets API, Projects API, Payment services, Bank feeds, Now the access_token comes back as a JWT and I need to know what to do with this to get the tenants. 0 gateway and require a valid access_token to be set on the client which appends the access_token JWT to the header of each request. Xero allows users to have access to multiple Xero tenants e. Community; Sign up Log I'd suggest adding the required Scope to your current list of current scopes so you can access the resource you're looking for. Xero API Access request Auth 2. The code below shows how to perform the OAuth 2 I am trying to set up a new Bearer Token request in Postman (v 7. Xero OAuth2 Access Tokens. The API has two tokens: Access Token - valid for 30 minutes; Refresh Token - valid for a single use. To get a refresh token, you must request the offline_access scope. Key scenarios include: Scenario 1: Single User, Multiple Organizations: When a Xero user authorizes access to multiple organizations, The refreshed access token is not working. Xero oAuth 2 authorisation. Explore apps. ". If you are wanting to use the SDK note that there is a sub Nuget package for OAuth helpers that will help you obtain an access token which you need to pass to core api calls. 0? 4. When I hit the Request Token in Postman, the Xero logon screen is shown and when I logon, I do not get the Xero OAuth 2. 0 user authentication. A private app has an unlimited amount of time. When an access token expires (after 1 hour), you will received a 401 status code indicating failure. An archived conversation from Xero Developer Community Forums from Thu, 7 Jul 2022 03:36:31 Skip to main content. I just needed to remove ParameterType. Sending the access token in your API call to get info from the Organisation endpoint would We get the refresh token every time we renew access token. 0 and revoked tenant (access token?) Mar 2021. e. My end goal is to simply be able to store an access token and refresh token on my REST backend (python running in a Heroku container) so that I can perform scheduled nightly accounts-synchronisation with the company's Xero account. Inventory apps. If you are storing a single user's token_set (access_token + refresh_token) duplicated across multiple databases you are going to continue having problems. The whole point of delegating access to a refresh token in OAuth2 is so that you don't need the client_secret. Get access token for Xero with API calls. 0a for authentication which has a multi-step process in order to get the coveted I've worked it out. How to generate an access token in Xero with OAuth 2. 0 doesn't work. 0. Reading the Xero Sample Project README several times over. Its functions include: connect & reconnect to Xero; storing Xero token in a . NOTE * Xero access_tokens last 30 minutes and refresh tokens are valid 30 days. 0. 0 Client package handles Xero OAuth 2. Send a user to authorize your app, Redirect URIs, Scopes, State, Generating a code verifier and code challenge, 2. (C#) Refresh a Xero OAuth2 Access Token. If your app is set up to handle it, the user can connect multiple tenants to your app. Unfortunately they don't support custom url Xero Authentication Flow. Sync Xero with software you already love or easily find and try new apps designed to save your business time and money at the Xero App Store. Tada 🥳- Your OAuth 2. 0 is a protocol that lets your app access a user’s account without accessing their password. 0 user Join a vibrant community of developers whose integrations with Xero are shaping the future of small businesses globally Below is starter code with the authorization flow. I have the Xero API setup and the OAuth flow working. when my access token get expired i try to generate new via refresh token but getting unsupported_grant_type as response. (PHP Extension) Refresh a Xero OAuth2 Access Token. Below is my Refresh token request (Mono C#) Refresh a Xero OAuth2 Access Token. Step 3: Invoke Xero API using the access token The InvokeHttp processor is used to invoke the specified URL. * Use the access token to retrieve a tenant ID. Viewed 583 times 0 . I have linked up the "Demo Company UK" as the tenant (Organisation) and have granted my user with Adviser • Contact bank account admin, I am working with Xero Api for fetching invoices data. A refresh_token lets you get a new access_token when your current one has expired, without See more At the successful completion of an OAuth flow you will be granted an access token to act on behalf of the user. Footer. If we manage this correctly in our application, users should only ever have to authorize our API application once. * Try to use the new access token to retrieve another tenant ID. You will then use that access token to find out which tenants the user has connected to your app. OAuth 2. I am trying to set up a new Bearer Token request in Postman (v 7. Xero-NetStandard-Webhooks-Receiver: This application demonstrates how to receive webhooks If you lose the access token, it expires or you want a simple way to manage your app's connections, It’s highly recommended you save the tokens to a global Xero tokens table, and use the xero-user-id as the primary key, to avoid I am coding up some calls to use OAuth2, and I am getting an Access Token returned, but I am not receiving a Refresh Token. Multi-tenancy can present unique challenges in token management. json at master · XeroAPI/xero-postman-oauth2 Join a vibrant community of developers whose integrations with Xero are shaping the future of small businesses globally An archived conversation from Xero Developer Community Forums from Mon, 18 Oct 2021 23:23:40 This requires us to manually create a new access token and start the process again. A sorta quick article to note how I can generate refresh tokens and access tokens using Zoho Deluge code (so within Zoho Creator, CRM or Books) without XML calls. Refresh tokens allow your app to obtain new access tokens without involving a user again. So first I followed All Xero access tokens expire after 30 minutes. 0 - xero-postman-oauth2/Xero OAuth 2. I use the Xero connector to extract data from xero API in Azure data factory. 0? 0. It seems to keep happening roughly every thirty days and I have to reconnect the app in order to correct it. Check if Photo by Luca Bravo on Unsplash. Prerequisites: A Xero App that the user controls. Accessing Xero API without oAuth callbacks. In a console application, I am trying to create the service functionality which will get the new xero access token and new refresh token after every 30 minutes from xero (once the existing refresh After the user has granted permission to the timesheet app to access their Xero account, a one-time use authorisation code is issued by the Xero API that allows the timesheet app to exchange it for an Access token. 0 library and not the official Xero PHP SDK? All API requests go through Xero's OAuth2. Once you have decoded the access_token, Xero OAuth 2. 0 Refresh Token Flow. Xero will be releasing Custom integrations in the next 30-60 days. The connection is successful but my refresh token expires every 30 minutes. How it works. When you perform a token refresh, you should replace your existing refresh token with the new one returned in the response. In previous posts, we demonstrated connecting to Xero using only an OAuth 2. I've tried two methods, one using CURL and another with HTTP POST and neither are working. This will ensure when you go I'm having issues with API calls to Xero returning invalid grant errors when trying to refresh the access token using the refresh token. contacts offline_access". You get a refresh token by requesting the offline_access scope during the initial user authorization. does We’ve added built in decoding and verification for both Access tokens and ID token in xero-php-oauth2. We used to store tokens separately, but the combined into single token as it seemed correct, but we still seem to have a few issues, not sure if we need to store a token per user (e. g. Your app requests specific permission scopes and is granted an access token upon a user’s approval. Do I need to manage refresh tokens? In this post, I’ll walk you through logging in, getting access tokens, which will be used in the next steps to get access tokens and interact with the Xero API. Hot Network Questions Mixing between the tonic and dominant in melodic dictation Multiple macro definitions from a comma-separated list If you are missing the right scope, after you add the relevant scope to your code, I recommend logging into Xero and navigate to settings > Connected Apps and disconnect your app to revoke the access token. Exchange Xero api signin was just migrated to use OAuth2. ### On each order import * Refresh the access token. Xero Replied. Alternatively, if you'd prefer not to have to manage a refresh token, you might be interested in the premium, Custom Connection option. Looking up literally every other [Xero-Api] tagged post on S. Make your business even better in 2025 by using the Xero App Store to find the tools you need to help save time, grow your business, and stay in control of your cash flow. You can examine the token in a service like https://jwt. secret) begin xero_oauth_consumer. The code below shows how to securely read claims about the access token (a user authentication) and abut the id token (a user’s identity & profile). Python pull report data from XERO by using OAuth2. This has been occurring almost once a week @kunallibra - thank you for your question. But this does appear to be a Xero bug This is an example dotnet core MVC application making use of Xero sign in, and Xero Practice Manager API access using OAuth2. My question was can I have a single token for multiple organization access or can the organization owner give me access to multiple organizations in one go? If it is yet not clear then please tell I will elaborate with example – The current API authentication implementation from Xero does not allow that and the token expires in 30 minutes so I need a way to do this somehow in the background or with any kind of persistent token But you can generate the Access Token and Refresh token with only a single instance of user interaction (which you could do yourself) Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community. Ask Question Asked 1 year, 1 month ago. integrations using the Xero API running on servers in the background. Sorry no one in community's got to you here sooner, Ishan. This guide covers best practices for handling Xero API tokens during the OAuth flow and offers solutions for challenges like token refresh strategies and multi-tenancy We are able to verify and create a user account using their id_token & pull their Xero Invoice data using their access_token. I don't think Xero plan on increasing this for public apps. For sanity, I would also check that the app is still Step 2: Extract the access token and refresh token. Hi Jan and Tony, We did have a problem refreshing tokens on the day stated, however the issues since been resolved. Skip to main content. 0 token_set. If you are making an API call for the first time: Send You can now exchange the client id and client secret for an access token. Mapping organisations. organisations or practices. Aug 2020. Xero API Reports endpoints unauthorised. No, the xero-tenant-id header is not required. My question was can I have a single token for multiple organization access or can the organization owner give me access to multiple organizations in one go? If it is yet not clear then please tell I will elaborate with example – @kunallibra - thank you for your question. If you don’t refresh your access token within 60 days the user will need to reauthorise your app. In Xero, click your initials or image; click Account; under Multi How to generate an access token in Xero with OAuth 2. 0 We’ve covered a few useful tips for retrieving large amounts of data from Xero, and a smart way to bulk upload data to Xero using multiple records in an array in one API call. Refreshing an access token does not need user interaction (i. The EvaluateJsonPath processor is used to filter the fields like access token and refresh token from the JSON data and store it as a flow file attribute. 0 Refresh token. Xero returning a cryptic "Unknown Consumer" 4. Handle Multi-Tenancy. O. NET, Ruby, GoLang and in this post we look at PHP. @anchordigi is correct that when performing a token refresh Xero returns a new access_token and new refresh_token. If the refresh token is valid for 60 days, why Xero API returning new refresh token with access token renewal? Then if we don't store this new refresh token and ask for renewal of access token, we get invalid grant. I've been following the Unused refresh tokens expire after 60 days. ie dev, staging, prod) But you should keep a DRY (do not repeat yourself) instance of a user / token_set combination. Xero Tutorial for beginners #3 How do I get a Xero access token?Master Xero Accounting: Complete Tutorial for Beginners to Pros! 📊 Effortless Xero Accountin * Use the user code to retrieve an access token. To make API calls, you'll need to authenticate with Xero using OAuth 2. io if you like. How Xero accounting Access Token Changes. 0 library. I know there are a few changes that have come through around OAuth and migrating connections - I'd say our Developer Centre is the best place to seek help around this - While we have lots of information on the changes here, it sounds like you might be best to Core API call - looks like you need to prefix the token with the Bearer string. Attempting to refresh using this token always results in an invalid_token exception. Make calls against the Xero APIs by simply adding the following headers to your request: For example, You can find out the Tenant ID to access from the connections endpoint, explained on the Xero Tenants page. Core API call - looks like you need to prefix the token with the Bearer string. Mar 2021. 5 replies. A partner app has a 30 minute token time but it doesn't require you to have the request access for 30 minutes every time, tokens can be renewed. This scope is currently missing in the OAuth2 Scope configuration. Hi, I'm developing an app for Xero and have spotted a problem with the refresh token process, URL below. From there you can use OAuth 2. ewbbjhmlkkifauutthvebezmmppzbfgjsijrwotidatrmafgvyqzevbzln