In this instruction blog, we will describe how to create OAuth 2.0 API keys on your Xero account. These API keys are necessary in order to make API calls from ERPAG via Blockly scripts. The instructions show how the process itself currently looks. If in the meantime the design of the website we are describing changes, follow the steps described in the Xero documentation. In essence, regardless of possible website design changes, the principle remains identical and you will easily find your way and follow this instruction.

Because OAuth 2.0 authorization offers almost the highest level of security, obtaining API keys is much more complex than obtaining standard ones. It is therefore necessary to follow these steps:

  • First of all, you need to have a registered Xero account with which you can access your data. This is the account you use to log into the Xero service;
  • Log in to the Xero Developer portal with your Xero account;
  • Through the Xero Developer portal create your private application;
  • After creating the private app, fill in the parameters of the application that Xero requires. After this, Xero generates the necessary data (Client ID and Client Secret) for authorizing external applications (ERPAG, in this case).

Working with the Xero account

Let’s start from scratch! First, create your Xero account. Once you have your own Xero account, log into the developer portal on the following page:

[Image: xero login]

After logging in to the developer portal, click the “My Apps” option, as shown in the image below.

[Image: xero my apps]

The next step is to create a private app by clicking the „New app“ button.

[Image: xero new app]

Now it is necessary to follow the steps for creating a private app:

[Image: xero add a new app]

Enter the description (you can enter anything as a description). After that, select Web app and enter the URL address of your company. In the „Redirect URI“ field, enter the following link, as shown in the image below. Finally, click the „Create app“ button.

After creating the application, you will get the following screen (pictured below). Here, activate the „Configuration“ option and click the „Generate secret“ button.

[Image: xero configuration]

Save the „Client ID“ and „Client Secret“. You will enter them in ERPAG later.

Now your private Xero application is ready for API calls that you will be able to create & call on your own from ERPAG.

Finally, it is necessary to create a new API authorization in ERPAG, with the parameters you just generated on the Xero developer portal.

Working in ERPAG

Log into ERPAG and activate the option „Administration – Customization“ – „API Authorizations“.

[Image: ERPAG API authorizations]

Select „ADD NEW“ – „OAuth 2.0“ option.

[Image: erpag add new oauth 2.0]

For API calls to Xero, it is necessary to first authorize the application. This means that you have to enter a large number of parameters that you can find on the following website:

You will find that the basic setup of the authorization process requires you to study extensive documentation. That’s why we at ERPAG have created Templates for several different services. Here you only need to enter two basic values, while the other parameters are filled in automatically. If you need any modification, you can always correct the offered parameters afterward, but it must be done according to the documentation of the service you want to authorize (in this case, Xero).

In the “API authorization” form, go to “Template” and activate the “Xero” option, as shown in the image.

[Image: erpag oauth templates]

Entering Client ID and Client secret

Now it’s required to enter „Client ID“ and „Client Secret“ from Xero. At the end, confirm the import.

[Image: erpag client id and client secret]

After import confirmation all required parameters will be automatically set up. Save the document.

[Image: erpag oauth 2.0 authorization]

As you can see from the picture, the document status is “NOT AUTHORIZED”. This means that we only entered the parameters, but the application is still not authorized. Now you need to activate the “Get a new Access Token” option to finally allow access to your Xero API service.

[Image: ERPAG get new access token]

By activating the “Get a new Access Token” option you are starting the process of connecting ERPAG with Xero through the OAuth 2.0 protocol, which requires you to log in to your Xero account and allow access to your Xero company.

[Image: xero allow access]

After successful authorization, the status will be “AUTHORIZED”. If some of the input parameters are incorrect or you have quit the authorization, the status can be “AUTHORIZATION ERROR”.

[Image: erpag xero authorized]

Successful authorization means that ERPAG received an access token and a refresh token from Xero. The response looks as follows:

"expires_in": 1800,
"token_type": "Bearer",
"refresh_token": "JghKugnpMo2-yhbkjTFCEiw1rzlkyhHFTk",
"scope": "openid profile email accounting.transactions accounting.settings accounting.contacts accounting.attachments offline_access"

ERPAG stores the received access token in your database. You can use it in Blockly scripts to make new API calls to Xero according to your needs. The access token has a limited lifetime (expires_in, in seconds); once it has expired, ERPAG uses the refresh token to obtain a new access token automatically. However, Xero authorization is limited to a maximum of 60 days, meaning the refresh token expires after 60 days. After that, ERPAG can no longer obtain a new access token automatically, so you have to click the “Get a new Access Token” button in ERPAG every 60 days to reauthorize.
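The renewal rules described above can be written as a small decision function. This is an added example, not ERPAG's or Xero's code: the function names, the 60-second skew margin and the sample response (with fake token values) are assumptions, and the 60-day limit is the figure stated on this page.

```python
import json
from datetime import datetime, timedelta, timezone

# 60-day limit as stated on this page, counted from the interactive authorization.
REFRESH_LIFETIME = timedelta(days=60)
# Assumed safety margin: refresh a little early to absorb clock skew.
SKEW = timedelta(seconds=60)
SECRET_FIELDS = ("access_token", "refresh_token", "id_token")

# Constructed sample shaped like the response above; token values are fake.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "CONSTRUCTED-ACCESS-TOKEN",
    "expires_in": 1800,
    "token_type": "Bearer",
    "refresh_token": "CONSTRUCTED-REFRESH-TOKEN",
    "scope": "openid profile email accounting.transactions offline_access",
})

def token_state(raw, received_at, authorized_at=None):
    """Turn a token response into the two deadlines that drive renewal."""
    data = json.loads(raw)
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    scopes = set(str(data.get("scope", "")).split())
    # No refresh token (or no offline_access scope) means no silent renewal.
    can_refresh = bool(data.get("refresh_token")) and "offline_access" in scopes
    return {
        "access_expires": received_at + timedelta(seconds=int(data["expires_in"])),
        "refresh_expires": (authorized_at or received_at) + REFRESH_LIFETIME if can_refresh else None,
    }

def next_action(state, now):
    """Return 'use_access_token', 'refresh' or 'reauthorize'."""
    if now < state["access_expires"] - SKEW:
        return "use_access_token"
    if state["refresh_expires"] is not None and now < state["refresh_expires"]:
        return "refresh"
    return "reauthorize"

def redact(raw):
    """Copy of the response that is safe to log: secrets masked, metadata kept."""
    data = json.loads(raw)
    return {k: "<redacted>" if k in SECRET_FIELDS else v for k, v in data.items()}

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    state = token_state(SAMPLE_RESPONSE, t0)
    for delta in (timedelta(minutes=5), timedelta(minutes=30), timedelta(days=61)):
        print(delta, next_action(state, t0 + delta))
```

The `redact` helper is there because the token response contains bearer credentials; only the masked copy belongs in logs or support tickets.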
