Skip to content
 

Developer

See all pages
Try Xero Free

API Overview

The Xero API is located at https://api.xero.com. This url is used as the API and a website to register applications and test the API.

All calls to the API use the following base URL – https://api.xero.com/api.xro/2.0/

The API is a RESTful service, making use of HTTP methods such as GET, PUT and POST. Data is sent and received through the API endpoints in an easy to understand XML format – making it quick and easy to integrate your application with Xero.

To enable easy authentication with other web applications, we use OAuth (v1.0a) for authentication and support the following scenarios:

Public applications – use the standard 3 legged OAuth process where a user can authorise your application to have access to their Xero organisation. Public applications can either be web based or desktop/mobile installed. Access tokens expire after 30 minutes by default

Partner applications – are public applications that have been upgraded to support long term access tokens for use with many Xero organisations. Apply to become a Xero Network partner to have your application upgraded.

Private applications – use 2 legged OAuth and bypass the user authorization workflow in the standard OAuth process. Private applications are linked to a single Xero organisation (chosen from a list of organisations you have standard user rights to). With this approach access tokens don’t expire so this works well for unattended applications that push or sync data with Xero periodically. e.g. creating invoices for billing each night.

We suggest you follow our getting started guide for developers to get up and running with our API.


API Usage Limits

There is a daily limit of 1000 API calls that a provider can make against a particular Xero organisation in a rolling 24 hour period. In addition to the daily limit, each OAuth access token can be used up to 60 times for each 60 second period.
For a full explanation see our API Usage Limits page.


Xero System Limits

Invoicing
Xero is designed for volumes of between 200 – 500 invoices per month, dependent also on the frequency of invoicing during the month, variability of amounts and the frequency of sales tax reporting requirements.

Bank Transactions – Spend & Receive Money
Xero is designed for volumes of up to around 1,000 bank transactions per month, also dependent on the frequency of transactions during the month and variability of transaction values.

Inventory Items
Inventory item lists of greater than 1,000 could cause performance issues for users invoicing via methods other than the API.

Contacts
Contact lists of greater than 5,000 could cause performance issues for users utilizing Xero via methods other than the API.

Xero will work with higher levels than this but the performance of some features and reports may become degraded.


Xero Pricing Plan Limits

Xero organisations using the “Small” pricing plan can enter up to 5 approved Accounts Receivable invoices and 5 approved Accounts Payable invoices per month. The invoice date (not the creation date) is used to determine which month an invoice was entered.

If you exceed this invoice limit when using the Xero API you will receive a HTTP 400 response code with the following error message


  You have reached the limit of invoices you can approve.

Revoking Authorization

There are a number of ways that your application can have access revoked from a Xero organisation. If your application can no longer get access to the API please check the following conditions:

  • The access token has expired. This is typically after 30 minutes for public applications.
  • The user has explicitly revoked access to your application from the main Xero application (Settings > General Settings > Xero Network).
  • The user that authorized your application has been removed from the organisation or has been downgraded to either Employee or Read Only roles.