Using the Xero API with Java

Connectifier – Ben McCann

Xero API Private Application code sample – contributed by Ben McCann.

Private Application – Ross Jourdain

Xero API Private Application code sample – contributed by @rossjourdain.

Private Application – Google OAuth

Thanks to Eric Nadalin from Nexmo for contributing this how-to guide.

This is an outline guide on how to use the Xero API with a private API application. If you have any tips or suggestions, please contribute them here and we will update our documentation.

If you’re having trouble with PUT requests via the Java Google OAuth library see this thread.

Self-signed certificate generation

Using OpenSSL

  1. openssl genrsa -out xero_privatekey.pem 1024
  2. openssl req -newkey rsa:1024 -x509 -key xero_privatekey.pem -out xero_publickey.cer -days 365
    The .cer will be needed when creating the API application in the Xero Developer Centre ‘Add Application’ screen
  3. Extract the private key in PKCS8 format: openssl pkcs8 -topk8 -nocrypt -in xero_privatekey.pem -out xero_privatekey.pcks8

Sample code


// generated by xero

// You will find the CONSUMER_PRIVATE_KEY in the .pcks8 file generated previously
// remove -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- 

     OAuthServiceProvider serviceProvider = new OAuthServiceProvider(null,null,null);
     OAuthConsumer consumer = new OAuthConsumer(null, CONSUMER_KEY, null, serviceProvider);
     consumer.setProperty(RSA_SHA1.PRIVATE_KEY, CONSUMER_PRIVATE_KEY);
     consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);
     OAuthAccessor accessor = new OAuthAccessor(consumer);

     OAuthClient client = new OAuthClient(new HttpClient4());
     System.out.println("accessToken: "+accessor.accessToken);

     accessor.accessToken = CONSUMER_KEY;

     OAuthMessage response = client.invoke(accessor, "", Collections.<Map.Entry<?, ?>>emptySet());
     String  responseAsString = response.readBodyAsString();

     System.out.println("RESPONSE IS" + responseAsString);



  • oauth-20100601.jar
  • oauth-consumer-20100601.jar
  • oauth-httpclient4-20100601.jar

Public and Partner applications

It is possible to use the Java Google OAuth library with the Xero API, but it does not appear the callback URL parameter is correctly handled. The following additional code snippet is required to set a callback url:


Map params = new HashMap();
params.put(OAuth.OAUTH_CALLBACK, "");
try {
	client.getRequestToken(accessor, null, params.entrySet());
	} catch (Exception e) {
		logger.error(e, e);
		throw new OAuthException("There was a problem getting the request


If you’re having trouble with PUT requests via the Java Google OAuth library see this thread.

Public Application Sample – Sid Maestre

Xero API Public Application code sample – contributed by Sid Maestre

The video below gets you up and running on Xero’s API in Eclipse and on Google App Engine.

Note: the Google OAuth Library has an issue encoding POST parameters when creating the oAuth signature. You can read about how to correct this in this github issue.

Partner API with net.OAuth

The following is a code snippet illustrating the use of the Java Google OAuth library with the partner API:

Scala Xero Partner application

While Scala is not the same as Java, the steps to interface with the partner API can be replicated for Java by following the instructions in this blog post from add-on partner Smeebi.