Xero has an excellent API, or, more precisely, a number of APIs, and encourages developers to build applications that can be sold on its add-on marketplace. The APIs that it exposes are the following:
- Xero Core (Accounting) API – exposes accounting and related functions of the main Xero application and can be used for various purposes such as creating transactions like invoices and credit notes, right through to extracting accounting data via the reports endpoint.
- Xero Payroll API – exposes payroll-related functions of Payroll in Xero and can be used for various purposes such as syncing employee details, importing timesheets, etc.
- Files API – provides access to the files, folders, and the association of files within a Xero organization.
- Fixed Assets API – which is under review. This feature is not yet available, but users can vote for it to become publicly available.
- Xero Practice Manager API – a recently released product built on the WorkflowMax product, an API for managing workflows.
In this post, we’ll focus on the Xero Core (Accounting) API, which exposes the core accounting functionalities of the Xero product. The Xero API is a RESTful web service and uses the OAuth (v1.0a) protocol to authenticate third-party applications. As it is a RESTful API, you can interact with it using tools like cURL, Postman or Apirise, or using HTTP clients for your favorite language or framework. A few suggestions:
As a product, and consequently an API, that has to deal with sensitive data, Xero takes really good care of security. For this reason, many different types of application can be developed and integrated with it, where the main differences are how the application authenticates, how often the tokens expire, and general security-related aspects. For more about the different application types, you can consult the application types guides in their documentation.
Xero API requests limits
The Xero API has three different types of limits that govern the usage of the API. It’s extremely important to keep them in mind when developing against the API, and they are a reason for many headaches when someone attempts to build an infrastructure for extracting data from it.
- Daily limit – 1000 API calls per organization.
- Requests per minute – each OAuth access token can be used up to 60 times in any 60-second period. This rate limit is based on a rolling 60-second window.
- Request Size Limit – A single POST to the Accounting or Payroll APIs has a size limit of 5MB.
For more information about the API limitations, please consult the documentation. Responses are returned as text/xml by default, but you can override this option and request JSON responses if preferred.
Requesting data from the Xero API
Let’s assume that you would like to retrieve all the invoices that you have issued through Xero and put the information in your data warehouse to perform analytics and reporting. To do that, you should perform a GET request to the https://api.xero.com/api.xro/2.0/Invoices endpoint.
A typical result, in XML, from performing such an action is like the following:
<AddressLine1>L4, CA House</AddressLine1>
<AddressLine2>14 Boulevard Quay</AddressLine2>
<Description>Onsite project management </Description>
You can paginate your results by using the paging support of the Xero API, which is very useful when you have to work with a large number of invoices. You can also request only the latest invoices from the API by providing the ModifiedAfter parameter on the GET request. The ModifiedAfter filter is sent as an HTTP header, If-Modified-Since.
Its value is a UTC timestamp (yyyy-mm-ddThh:mm:ss). Only invoices created or modified since this timestamp will be returned, e.g. 2009-11-12T00:00:00.
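An added example (not from the original post or from Xero): a client-side budget for the two call limits listed above, plus the URL and headers for an incremental, paged Invoices request. The class and function names are hypothetical, the daily limit is assumed to be a rolling 24-hour window, `page` is the paging query parameter, and OAuth 1.0a signing is left out.

```python
import time
from collections import deque
from datetime import timezone

INVOICES_URL = "https://api.xero.com/api.xro/2.0/Invoices"  # endpoint from the post


class XeroBudget:
    """Client-side guard for the per-token minute limit and per-organization daily limit."""

    def __init__(self, per_minute=60, per_day=1000, clock=time.monotonic):
        self.per_minute, self.per_day, self.clock = per_minute, per_day, clock
        self.minute = deque()  # call times inside the rolling 60-second window
        self.day = deque()     # call times inside the last 24 hours (assumed rolling)

    def wait_time(self):
        """Seconds until the next call fits both limits; 0.0 means send now."""
        now = self.clock()
        while self.minute and now - self.minute[0] >= 60:
            self.minute.popleft()
        while self.day and now - self.day[0] >= 86400:
            self.day.popleft()
        wait = 0.0
        if len(self.minute) >= self.per_minute:
            wait = max(wait, self.minute[0] + 60 - now)
        if len(self.day) >= self.per_day:
            wait = max(wait, self.day[0] + 86400 - now)
        return wait

    def record(self):
        """Call once for every request actually sent."""
        now = self.clock()
        self.minute.append(now)
        self.day.append(now)


def invoice_request(modified_after, page=1):
    """Return (url, headers) for a paged GET of invoices changed since modified_after."""
    if modified_after.tzinfo is None:
        # A naive local time sent as UTC silently shifts the window and can skip invoices.
        raise ValueError("modified_after must be timezone-aware")
    stamp = modified_after.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    headers = {"If-Modified-Since": stamp, "Accept": "application/json"}
    return f"{INVOICES_URL}?page={page}", headers
```

Sleep for `wait_time()` before each request and call `record()` after sending it; share one budget object across every worker that uses the same token and organization.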
Xero exposes a very rich API, which offers you the opportunity to get very granular data about your accounting activities and use it for analytic and reporting purposes. But this richness comes at a price: many resources have to be handled, and some of them allow fetching updates while others do not.