Using the Xero API with Java


Java SDKs by Xero

Xero-Java – Sid Maestre

Xero-Java is the recommended server-side SDK, which supports all API application types


Java SDKs contributed by Xero Community

Connectifier – Ben McCann

Xero API Private Application code sample – contributed by Ben McCann.


Private Application – Ross Jourdain

Xero API Private Application code sample – contributed by @rossjourdain.


Scala Xero Partner application

While Scala is not the same as Java, the steps to interface with the partner API can be replicated for Java by following the instructions in this blog post from add-on partner Smeebi.


Private Application – Google OAuth

Thanks to Eric Nadalin from Nexmo for contributing this how-to guide.

This is an outline guide on how to use the Xero API with a private API application. If you have any tips or suggestions, please contribute them here and we will update our documentation.

If you’re having trouble with PUT requests via the Java Google OAuth library see this thread.


Self-signed certificate generation

Using OpenSSL

  1. openssl genrsa -out xero_privatekey.pem 1024
  2. openssl req -newkey rsa:1024 -x509 -key xero_privatekey.pem -out xero_publickey.cer -days 365
    The .cer will be needed when creating the API application in the Xero Developer Centre ‘Add Application’ screen
  3. Extract the private key in PKCS8 format: openssl pkcs8 -topk8 -nocrypt -in xero_privatekey.pem -out xero_privatekey.pcks8

Sample code

// generated by xero
String CONSUMER_KEY = "GENERATED BY XERO WHEN CREATING YOUR APP";

// You will find the CONSUMER_PRIVATE_KEY in the .pcks8 file generated previously
// remove -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY-----
String CONSUMER_PRIVATE_KEY = "MIICeAIBADANBgkqhkiG9w0BAQIwggJXAAOlOGibUTx65x07L\n"+
"vHCCJWzF5CAcG53V/yg6/MCvmozgBJQyngz8ytgD9Fv1BYa2oSneFh3q3k\n"+
"E5mlIX1m90ZeZkJJ0RLpLtRBfKWeQGipDw5KCZjqtQjs4MQ76X6zZRhv4\n"+
"R3fbWfoo5yVbt5Bet/E5mlIX1m90ZeZkJJ0RLpLtRBfKWeQGipDw5KCZjqtQjs4M\n"+
"jx7+eM5fRN9RAjzosUjcnidfnMZwDfbRInNMLlUwVn8NiMKDSi5urCPBfSIH04By\n"+
"nL2l0xsuR8C/ZRU5O9PkovSuY0rTIkvgk9IixStUXoAonklQDyZIQlECQQCO7bqq\n"+
"thb+ds9+0CpfQyrqk4Mea7dowCH4qLCgfPZNWyY3nR62gi76OYGVKfwFPvJnNKcQ\n"+
"ro+uGRpx0lF0+crM";


    OAuthServiceProvider serviceProvider = new OAuthServiceProvider(null,null,null);
    OAuthConsumer consumer = new OAuthConsumer(null, CONSUMER_KEY, null, serviceProvider);
    consumer.setProperty(RSA_SHA1.PRIVATE_KEY, CONSUMER_PRIVATE_KEY);
    consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);
    OAuthAccessor accessor = new OAuthAccessor(consumer);


    OAuthClient client = new OAuthClient(new HttpClient4());
    System.out.println("accessToken: "+accessor.accessToken);

    accessor.accessToken = CONSUMER_KEY;


    OAuthMessage response = client.invoke(accessor, "https://api.xero.com/api.xro/2.0/Organisation", Collections.<Map.Entry<?, ?>>emptySet());
    String  responseAsString = response.readBodyAsString();


    System.out.println("RESPONSE IS" + responseAsString);