Xero HQ is the platform for accountants and bookkeepers that makes it easier to focus on your clients by connecting all the tools you need to run an accounting or bookkeeping practice.

The Xero HQ API is a RESTful web service and uses the OAuth 2.0 to authenticate 3rd party applications.


The Xero HQ API is currently only available to selected app partners. If you're interested in integrating with Xero HQ then contact your developer evangelist or get in touch here.


The base url for Xero HQ endpoints is
e.g. The URL for the Clients endpoint is


To access the Xero HQ API your app must request the Xero HQ scopes during authorization. Xero HQ scopes will only available after additional certification. If you require access to these scopes please let us know when you register to be a partner.


In order to authorise an API connection to a Xero Practice the Xero user must have the Practice Administrator role.

Types and Codes

See the Types and Codes applicable for use with the Xero HQ API endpoints.

Response Codes

See the HTTP Response Codes and Errors applicable for the Xero HQ API endpoints.

Migrating from OAuth 1.0a

For information about migrating to OAuth 2.0 please check out our migration guide.

[DEPRECATED] URLs for using OAuth 1.0a

Note: All new integrations must be built using OAuth 2.0

In order to authorise an API connection to a Xero Practice (as opposed to a Xero Organisation) you need to add the ?tenantType=PRACTICE parameter to the authorisation endpoints and url.

Please note that you can NOT use an access token for a Xero Organisation to access the Xero HQ API.

Other than the additional parameter, the rest of the authorisation process is as per the OAuth v1.0a spec. The URL’s to authorize your partner application are :

Get an Unauthorised Request Token:
Redirect a user:
Swap a Request Token for an Access Token:
Swap an expired access token for a new one:
Connect to the Xero HQ API: