Using the Xero API with Java

Private Application – Ross Jourdain

Xero API Private Application code sample – contributed by @rossjourdain.

PrivateApplication-Java on GitHub.com ›

Examples for public, private and partner apps are included.

Private Application – Google OAuth

Thanks to Eric Nadalin from Nexmo for contributing this how-to guide.

This is an outline guide on how to use the Xero API with a private API application. If you have any tips or suggestions, please contribute them here and we will update our documentation.

Self-signed certificate generation

Using OpenSSL

  1. openssl genrsa -out xero_privatekey.pem 1024
  2. openssl req -newkey rsa:1024 -x509 -key xero_privatekey.pem -out xero_publickey.cer -days 365
    The .cer will be needed when creating the API application in the Xero Developer Centre ‘Add Application’ screen
  3. Extract the private key in PKCS8 format: openssl pkcs8 -topk8 -nocrypt -in xero_privatekey.pem -out xero_privatekey.pcks8

Sample code

<%

// generated by xero
String CONSUMER_KEY = "GENERATED BY XERO WHEN CREATING YOUR APP";

// You will find the CONSUMER_PRIVATE_KEY in the .pcks8 file generated previously
// remove -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- 
String CONSUMER_PRIVATE_KEY = "MIICeAIBADANBgkqhkiG9w0BAQIwggJXAAOlOGibUTx65x07L\n"+
"vHCCJWzF5CAcG53V/yg6/MCvmozgBJQyngz8ytgD9Fv1BYa2oSneFh3q3k\n"+
 "E5mlIX1m90ZeZkJJ0RLpLtRBfKWeQGipDw5KCZjqtQjs4MQ76X6zZRhv4\n"+
 "R3fbWfoo5yVbt5Bet/E5mlIX1m90ZeZkJJ0RLpLtRBfKWeQGipDw5KCZjqtQjs4M\n"+
 "jx7+eM5fRN9RAjzosUjcnidfnMZwDfbRInNMLlUwVn8NiMKDSi5urCPBfSIH04By\n"+
 "nL2l0xsuR8C/ZRU5O9PkovSuY0rTIkvgk9IixStUXoAonklQDyZIQlECQQCO7bqq\n"+ 
 "thb+ds9+0CpfQyrqk4Mea7dowCH4qLCgfPZNWyY3nR62gi76OYGVKfwFPvJnNKcQ\n"+
 "ro+uGRpx0lF0+crM";

  
     OAuthServiceProvider serviceProvider = new OAuthServiceProvider(null,null,null);
     OAuthConsumer consumer = new OAuthConsumer(null, CONSUMER_KEY, null, serviceProvider);
     consumer.setProperty(RSA_SHA1.PRIVATE_KEY, CONSUMER_PRIVATE_KEY);
     consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);
     OAuthAccessor accessor = new OAuthAccessor(consumer);

        
     OAuthClient client = new OAuthClient(new HttpClient4());
     System.out.println("accessToken: "+accessor.accessToken);

     accessor.accessToken = CONSUMER_KEY;

        
     OAuthMessage response = client.invoke(accessor, "https://api.xero.com/api.xro/2.0/Organisation", Collections.<Map.Entry<?, ?>>emptySet());
     String  responseAsString = response.readBodyAsString();

        
     System.out.println("RESPONSE IS" + responseAsString);


%>

Libraries

OAuth on code.google.com ›
  • oauth-20100601.jar
  • oauth-consumer-20100601.jar
  • oauth-httpclient4-20100601.jar

Public and Partner applications

It is possible to use the Java Google OAuth library with the Xero API, but it does not appear the callback URL parameter is correctly handled. The following additional code snippet is required to set a callback url:

<%

Map params = new HashMap();
params.put(OAuth.OAUTH_CALLBACK, "https://www.xero.com/callback_url");
try {
	client.getRequestToken(accessor, null, params.entrySet());
	} catch (Exception e) {
		logger.error(e, e);
		throw new OAuthException("There was a problem getting the request
token");
}

%>

Keen to contribute a partner app example? Drop us a line and we’ll recognise your contribution here.