The first step is to sign up for a free Xero account. Once you have done that, you have two options as to how you can begin development without incurring any cost:
Check out our Development Accounts guide for more details.
There are limits to the number of API calls that your application can make against a particular Xero organisation.
If you exceed either rate limit you will receive an HTTP 503 (Service Unavailable) response. For a full list of API limits, please check our API Limits page.
You can do more than one thing in a single request. For example, you can create more than one Invoice in a single PUT or POST Invoices API call. While there is no upper limit on the number of nodes that can be sent at one time, a ceiling of about 50 nodes per request is practical - this will ensure a request does not exceed the maximum size of 3.5MB. You should also review our notes on summarizing validation errors.
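The batching and rate-limit behaviour described above can be handled together on the client. The Python below is an added example, not Xero's own code: it splits invoices into requests that respect both the 50-node ceiling and the 3.5MB maximum, and retries with exponential backoff when a request returns HTTP 503. The JSON payload shape, the `send` callable and the backoff schedule are assumptions made for illustration.

```python
import json
import time

MAX_NODES = 50          # practical per-request ceiling from the text above
MAX_BYTES = 3_500_000   # assumption: the 3.5MB maximum read as decimal megabytes

def plan_batches(invoices, max_nodes=MAX_NODES, max_bytes=MAX_BYTES):
    """Split invoices into batches that stay under both limits.

    Assumption: the request body is JSON of the form {"Invoices": [...]}.
    Sizes are slightly over-estimated so a batch never exceeds max_bytes.
    """
    overhead = len(json.dumps({"Invoices": []}).encode())
    batches, current, size = [], [], 0
    for inv in invoices:
        inv_size = len(json.dumps(inv).encode()) + 2  # +2 for the ", " separator
        if overhead + inv_size > max_bytes:
            raise ValueError("a single invoice exceeds the request size limit")
        too_many = len(current) >= max_nodes
        too_big = overhead + size + inv_size > max_bytes
        if current and (too_many or too_big):
            batches.append(current)
            current, size = [], 0
        current.append(inv)
        size += inv_size
    if current:
        batches.append(current)
    return batches

def send_with_backoff(send, batch, max_attempts=5, base_delay=1.0, sleep=time.sleep):
    """Call send(batch) and retry on HTTP 503 (rate limit exceeded).

    `send` is a hypothetical callable that performs the PUT/POST and returns
    the HTTP status code. Returns (final_status, attempts_made).
    """
    for attempt in range(max_attempts):
        status = send(batch)
        if status != 503:
            return status, attempt + 1
        if attempt < max_attempts - 1:
            sleep(base_delay * 2 ** attempt)  # waits 1s, 2s, 4s, ...
    return 503, max_attempts
```
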
If you are hitting rate limits because you retrieve a large amount of data from Xero, there are a couple of features you should be taking advantage of:
Public apps use HMAC-SHA1 for signing and three-legged OAuth 1.0a. The generated token expires after 30 minutes and then the user must re-authenticate to get a new access token.
Partner apps use RSA-SHA1 for signing and three-legged OAuth 1.0a. The generated token expires after 30 minutes, like Public apps, but with Partner apps the developer can renew the token when it expires without the user re-authenticating.
There's no real benefit to managing multiple connections, though; it just makes your token management more complicated. It won't give you additional rate limits.
At Xero, we take the responsibility of managing our community’s data privacy and security seriously. As part of the work Xero has been doing with the Australian Tax Office and other industry players, we have developed a set of agreed security standards to be applied globally to our ecosystem. These come into effect for new app partners certified after 1 January 2020 and existing app partners have until 30 June 2020 to comply. We’re still working through all the details of our new process, but wanted to share this information with you early, so you can start to understand what these changes mean for your app.
In preparation to meet these new requirements, Xero will be updating our security requirements for our app and developer partners, as well as Xero’s App and Developer Partner Terms of Agreement.
All app partners will need to undertake a security assessment which will be reviewed by Xero’s security team. App partners who reach 1000 or more connections will be required to undertake an advanced security assessment which will also be reviewed by Xero’s security team. App partners will not be certified or listed in Xero’s app marketplace without passing these assessments. App partners will need to undertake and pass the security assessment on an annual basis.
We’re still working through the details of the process, but we’ll contact you when you need to undertake the security assessment and let you know the outcome of that assessment.
The security assessment will need to be undertaken annually.