Private applications use 2 legged OAuth and bypass the user authorization workflow in the standard OAuth process. Private applications are linked to a single Xero organisation which is chosen when you register your application. Access tokens for private applications don’t expire unless the application is deleted or disconnected from within the Xero organisation.
You can create a maximum of 2 private applications against a single Xero organisation.
Private applications use the RSA-SHA1 signature method. You will need to generate a public/private key-pair, of which the public part will be uploaded to Xero during application registration.
Once you have added a private app you will be given a consumer key to use. The consumer key is also used as the access token. The consumer secret is not used for private apps.
The minimum UserRole/permission for a Xero user to be able to authorise an integration/3rd git pull party application against a Xero Organisation is "STANDARD"