OAuth 2.0 is generally available and required for all new integrations. Our implementation supports the standard authorization code grant type and you can find the details of how it works here.
We have a migration endpoint for partner apps to bring existing connections to OAuth2.0. Migrating your connections will provide a smoother user experience and ensure your app retains its status in the partner program.
We will not be providing a migration path for public and private apps. If you have an integration using a public or private app you can create a new OAuth2.0 app and migrate your users at any time.
The key dates for migrating OAuth 1.0a apps:
In April 2020 the WorkflowMax API is coming to api.xero.com and OAuth 2.0. For details on migrating from the WorkflowMax API check out the specific guides for WorkflowMax and Practice Manager apps.
Wondering how OAuth 2.0 can work for your back-end service/script? Check out our guide for building machine to machine integrations using OAuth 2.0.
Support for the PKCE is coming soon!
If you have and questions then check out our FAQs on OAuth 2.0 and the migration. If you still need more information then contact us the usual way.
We're have a range of new SDKs and sample apps that intgrate with OAuth 2.0. These are all generated from our collection of OpenAPI definitions.
