Version 2.12
Date: 08 November, 2011
New Reports Endpoint
We have released a new report endpoint which is currently in closed private beta for Australian organisations. This will
be documented in a future release.
Bugfix: Invoice LineAmountTypes of NoTax
When specifying a LineAmountTypes of NoTax, the line items were returning an incorrect TaxType: the default tax type
for that account, though at a 0% rate. This issue had no net effect other than a minor effect on the layout of
PDF invoices generated under this condition.
A validation warning is now raised for inconsistencies between document TaxType and LineAmountType.
Version 2.05
Date: 15 December, 2010
New feature and improvements
- Journals endpoint with ability to GET Journals
This data is essentially the same as the data you can retrieve manually in Xero from the “Adviser > Export GL Transactions”
menu. See our Journals endpoint.
- Invoice branding themes
Branding themes can now be applied to invoices created via our API.
We've added a BrandingTheme endpoint so you can retrieve a list of branding themes an organisation is using. To apply
a branding theme to an invoice you can include the BrandingThemeID element. See our updated Invoices endpoint
documentation for more details.
If a BrandingThemeID is not specified on an invoice Xero will use the default branding theme for an organisation.
- Invoice URL links
You can now add URL links to invoices. If a URL link is specified, Xero will show a "view invoice in [app name]" link at
the top of the invoice.
To add these links you just need to add a URL element to your API call. See our updated Invoices endpoint
documentation for more details.
- API Rate Limiting
We've introduced a daily limit of 1000 API calls that a provider can make against a particular Xero organisation in a rolling
24 hour period. If you exceed this rate limit you will receive an HTTP 401 response. This limit is in addition to the 60
calls per minute per provider that is currently in place. The daily limit response message will look like the following.
oauth_problem=rate%20limit%20exceeded&oauth_problem_advice=please%20wait%20before%20retrying%20the%20xero%20api
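Because the rate-limit response shares HTTP 401 with genuine OAuth failures, a client has to read the body before deciding whether to back off or re-authorise. The following is an added Python example, not Xero's code: it classifies a 401 body and keeps client-side sliding windows for both limits above. The names classify_401 and CallBudget are assumptions.

```python
from collections import defaultdict, deque
from urllib.parse import parse_qs

MINUTE_LIMIT, MINUTE_WINDOW = 60, 60.0       # 60 calls per minute per provider
DAILY_LIMIT, DAILY_WINDOW = 1000, 86400.0    # 1000 calls per rolling 24 h per organisation


def classify_401(body):
    """Tell a rate-limit 401 apart from an OAuth failure by its form-encoded body."""
    fields = parse_qs(body, keep_blank_values=True)
    problem = fields.get("oauth_problem", [""])[0].strip().lower()
    if problem == "rate limit exceeded":
        return "rate_limit"          # back off; do not discard or re-request tokens
    return "oauth:" + problem if problem else "unknown"


class CallBudget:
    """Client-side sliding windows mirroring both limits (hypothetical helper)."""

    def __init__(self):
        self.per_minute = deque()            # timestamps of every call by this provider
        self.per_day = defaultdict(deque)    # organisation id -> call timestamps

    @staticmethod
    def _wait(stamps, limit, window, now):
        while stamps and stamps[0] <= now - window:   # drop calls outside the window
            stamps.popleft()
        return stamps[0] + window - now if len(stamps) >= limit else 0.0

    def wait_needed(self, org_id, now):
        """Seconds until one more call for org_id fits inside both limits."""
        return max(self._wait(self.per_minute, MINUTE_LIMIT, MINUTE_WINDOW, now),
                   self._wait(self.per_day[org_id], DAILY_LIMIT, DAILY_WINDOW, now))

    def record(self, org_id, now):
        """Note that a call for org_id was sent at time now (seconds)."""
        self.per_minute.append(now)
        self.per_day[org_id].append(now)


# The daily-limit body from the release note, without the stray space in "before".
SAMPLE_BODY = ("oauth_problem=rate%20limit%20exceeded&oauth_problem_advice="
               "please%20wait%20before%20retrying%20the%20xero%20api")

if __name__ == "__main__":
    print(classify_401(SAMPLE_BODY))
```

Call wait_needed before each request and record after it; logging every "rate_limit" result separately from other 401s keeps throttling from being mistaken for revoked access.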
What's next on the roadmap?
- Manual Journals - the ability to post draft manual journals.
- Reporting APIs - In Q1 2011 we’ll be releasing the first of our reporting endpoints. Cashflow and other specialist reporting
or analysis apps will be able to easily access a growing range of data from Xero. Our team is really excited at the
possibilities this will open up to developers.
Version 2.03
Date: 29 March, 2010
New feature and improvements
- Support for private applications
Private apps use 2 legged OAuth and bypass the user authorisation workflow in the standard OAuth process. Private applications
are linked to a single Xero organisation (chosen from a list of organisations you have standard user rights to).
Please read our developer information about setting up a private application.
- Revoke access for applications
You can now revoke access to API v2 applications from inside the Xero application.
Go to the Xero Network Settings page (Settings > General Settings > Xero Network) to see a list of applications
that have access to your organisation - they are listed at the top of the screen. You can click "disconnect" to revoke
access.
Public applications still have access revoked automatically after 30 minutes of being authorised.
Private applications can be reinstated by generating a new consumer key and consumer secret from the Edit screen in
the developer portal.
- Callback urls for public applications
You can now specify the oauth_callback parameter and redirect back to a different URL as long as it is still within your
app's callback domain (which you can now specify in your application settings in the developer portal). This is useful if you
give your customers a unique subdomain to log in to your application.
- Code samples
We have some code samples in Ruby & .NET (coming soon) that you can use to get familiar with private apps. If you'd like
to contribute code examples in other languages please email them to network@xero.com
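The callback-domain rule from "Callback urls for public applications" above, as an added Python example that is not Xero's code: a check an application can run on a per-customer callback URL before sending it as oauth_callback. The function names, the example.com and .test hosts, and the acceptance of both http and https are assumptions; subdomain matching is inferred from the unique-subdomain use case.

```python
from urllib.parse import urlsplit


def callback_allowed(callback_url, callback_domain):
    """True only if callback_url points at callback_domain or one of its subdomains."""
    try:
        parts = urlsplit(callback_url)
        host = parts.hostname
        parts.port                      # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    if parts.username is not None or parts.password is not None:
        return False                    # "user@host" forms disguise the real host
    host = host.rstrip(".").lower()
    domain = callback_domain.strip().rstrip(".").lower()
    # Compare on a label boundary: a bare endswith(domain) would also accept
    # "notapp.example.com" for the domain "app.example.com".
    return host == domain or host.endswith("." + domain)


def check_samples(domain="app.example.com"):
    """Run the check over constructed sample URLs; returns {url: allowed}."""
    samples = [
        "https://app.example.com/oauth/callback",
        "https://acme.app.example.com/oauth/callback",   # per-customer subdomain
        "https://notapp.example.com/oauth/callback",     # shares a suffix only
        "https://app.example.com.other.test/callback",   # domain used as a prefix
        "https://app.example.com@other.test/callback",   # domain in userinfo
        "ftp://app.example.com/callback",                # unexpected scheme
    ]
    return {url: callback_allowed(url, domain) for url in samples}


if __name__ == "__main__":
    for url, ok in check_samples().items():
        print("allow " if ok else "reject", url)
```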
What's next on the roadmap?
- Support for Partner applications is coming very soon. Partner apps are public applications that have been upgraded and given
longer access to organisations without end users having to reauthorize access. This will enable Xero Network partners
to use long term access tokens with single instance multi tenanted web applications.
- Add draft manual journals, add spend money, receive money & transfer money transactions
- Approve invoices via the API
Your feedback
We are always trying to deliver the features you are asking for so keep the feedback coming - please vote for what we
should be working on next.
Xero Developer API v2 – Developer preview release
Date: 8 September, 2009
New features and improvements
- Authentication change to using OAuth only.
- initial OAuth support - all access tokens expire after 30 minutes
- longer term access tokens will be available soon – see below for more info
- All API methods are now easier to use
- ordering of top level XML elements now doesn't matter
- we've reduced the number of required elements for many API methods
- you can now filter results returned
- Better error messaging
- required xml elements that are missing will be returned
- required element values that are missing will be returned
- error codes will be returned for validation errors
- Easier to add invoices
- tax values on line items are no longer required e.g. just specify description, unit price (exclusive or inclusive
of tax) & quantity
- if tax amounts are specified we expect an identical match to Xero calculations
- draft invoices can be updated
- Add draft invoices in a foreign currency
- Add payments to approved invoices
- Add draft Credit Notes (standalone)
- API call throttling - max 60 calls per minute per API provider
- Getting started with the Xero API is now easier
- No need to apply for an API key - just go to http://api.xero.com
- Anyone with a Xero user account can use our API previewer application to get familiar with our API and the user
experience with using OAuth.
- There is no developer sandpit for API v2 - you can use your demo company as a sand pit Xero organisation during
development.
- If you develop an application that suits expiring tokens then you don't need to have your application approved.
We still recommend you run a pilot before you go live.
Why is this titled a developer preview release?
This is not a feature complete release. We thought it would be useful to give you access to our latest stable build
of v2 so you can start getting familiar with the new features and using OAuth if this is new to you.
In this preview release all OAuth tokens will expire after 30 minutes. We are working hard to make non expiring token
support available as soon as we can and realise many of our Xero network partners and 3rd party developers will need
this before migrating from v1. When we introduce this option for developers we’ll also have a mechanism within Xero to
allow users to revoke access for any active access tokens.
Examples of applications that need longer term tokens include:
- server scripts that run as scheduled tasks to create draft invoices, sync contacts
- integrations that use the Xero API after a trigger (e.g. after a sale on your e-commerce site or an update of a contact
in your CRM system)
- online solutions that want to offer a "set and forget" approach to integration with Xero
We're working hard to squash any remaining critical bugs over the coming weeks. Please let us know if you have any issues - just
drop a quick note to network@xero.com.
Getting started with API v2
Visit our API preview site http://api.xero.com to get familiar with the new features and changes.
FAQs
Why did we choose to go with OAuth?
What we think is great about OAuth is the improvement in user experience – users no longer have to go through the steps
to generate a customer key in Xero and then paste this into a 3rd party application. Using OAuth we now have a suitable
option to allow desktop and newly emerging device installed mobile applications to use our developer API as well.
Why do access tokens expire after 30 minutes by default?
We take the duty of protecting our customers' data very seriously. Desktop applications that connect to Xero using our
developer API need to have a small access window so you can have a higher degree of certainty that your data cannot be
accessed by others if your computer is compromised. The limit has been set at 30 minutes to be consistent with the session
timeout in the Xero web application.
As mentioned above we will soon have support for longer access tokens for developers that have web based applications
or server scripts which have taken some extra steps to ensure access tokens are kept secure.
Isn't OAuth adding a level of complexity that developers don't need?
Most popular development languages already have OAuth wrapper classes available that make using OAuth very
straightforward. In many cases once you've included the OAuth libraries only a few lines of code are required to add OAuth support
to your application. There is a bit of learning required to get your head around the OAuth terminology but it’s nothing
major. We've included some links to some good sites to check out which include detailed explanations of the workflow
with OAuth and also code examples.
What's next on the roadmap?
- Support for long term access tokens
- Bug fixes
- Add draft manual journals via API
Your feedback
We've been using Uservoice for a while now to keep track of developer requests. If you're not familiar with this - please go and have
a look. This is a great way for us to know what you want us to build next and is also a good way for you to see where your
ideas rank amongst other developers' requests. We are always trying to deliver the features you are asking for so keep
the feedback coming.