Skip to main content

At a glance

Credentials

Set these per environment. See Connect an integration. With a managed OAuth app, Connect works without these variables; set them to use your own OAuth app instead.

Setup

  1. Create a Xero account: Sign up at https://www.xero.com/ - every Xero login includes the free Demo Company, which is ideal for testing API calls without touching real books.
  2. Create an app in the Xero developer portal: Go to https://developer.xero.com/app/manage and create a new app (Web app type). Set the redirect URI to your app’s /api/auth/xero/callback URL.
  3. Copy credentials: Copy the Client ID and generate a Client Secret from the app’s Configuration page. Set XERO_CLIENT_ID and XERO_CLIENT_SECRET in your .env.
  4. Connect and discover your tenant: Complete the OAuth flow, then run the List Connections tool. Copy the tenantId from the response - every other Xero tool requires it as the tenant_id parameter (sent as the xero-tenant-id header).
  • The offline_access scope is required - without it Xero issues no refresh token and access expires after 30 minutes
  • Refresh tokens are single-use and expire after 60 days of inactivity
  • The token endpoint authenticates with HTTP Basic (client_id:client_secret base64-encoded)
  • Every Accounting API call must include the xero-tenant-id header; use List Connections to find it
  • The accounting.attachments scope is required for the Create Invoice Attachment tool; attachment bodies are raw file bytes (max 10 MB)
  • Uncertified apps are limited to 25 connected organisations
Provider API reference: https://developer.xero.com/documentation/guides/oauth2/auth-flow/

Tools

Example prompts

  • List my Xero invoices that are overdue, with amounts due and contact names.
  • Create a draft sales invoice in Xero for a contact with the line items I provide.