caret

OAuth 2.0


OAuth 2.0 is generally available and required for all new integrations. Our implementation supports the standard authorization code grant type and you can find the details of how it works here.


Migrating from OAuth 1.0a

We have a migration endpoint for partner apps to bring existing connections to OAuth2.0. Migrating your connections will provide a smoother user experience and ensure your app retains its status in the partner program.

We will not be providing a migration path for public and private apps. If you have an integration using a public or private app you can create a new OAuth2.0 app and migrate your users at any time.

The key dates for migrating OAuth 1.0a apps:

  • Early December 2019 - No new OAuth 1.0a apps created.
  • Mid December 2019 - OAuth 2.0 migration endpoint available to partner apps.
  • December 2020 - All certified partner apps required to be on OAuth 2.0.
  • March 2021 - OAuth 1.0a will no longer be supported for any apps.

Migrating from the WorkflowMax API

In April 2020 the WorkflowMax API is coming to api.xero.com and OAuth 2.0. For details on migrating from the WorkflowMax API check out the specific guides for WorkflowMax and Practice Manager apps.


Machine to machine integrations

Wondering how OAuth 2.0 can work for your back-end service/script? Check out our guide for building machine to machine integrations using OAuth 2.0.


Mobile and desktop apps

Support for the PKCE is coming soon!


Questions?

If you have and questions then check out our FAQs on OAuth 2.0 and the migration. If you still need more information then contact us the usual way.


SDKs

We're have a range of new SDKs and sample apps that intgrate with OAuth 2.0. These are all generated from our collection of OpenAPI definitions.