Frequently asked questions

Get help with common queries


Will OAuth 2.0 support desktop/mobile/single-page apps that can’t keep a client secret confidential?

Xero supports the Proof Key for Code Exchange (PKCE) extension to the authorization code flow. This allows native apps to securely connect to our API without needing to store a client secret. Single page apps are not currently supported.