Xero
Service ID: xero
Get paid sooner when you accept payments online straight from a Xero invoice. Give your customers different payment options, including PayPal and Stripe.
At a Glance
- Difficulty: ⚡ MODERATE (Self-Service OAuth + App Partner Certification Required to Scale)
- Partnership Required: Yes (Required for >25 connections. Xero App Partner Program — certification involves multiple technical checkpoints.)
- Partnership Application: Xero App Partner Program
- Apideck Credentials: Not available
- Account Type Required: Any active Xero subscription
- Sandbox Availability: Available (Free via Xero Developer Portal (demo company included); 30-day free trial also available at xero.com.)
- Authentication Method: OAuth 2.0
- Consumer Access Level: Standard or Adviser level user (Admin recommended for full data access)
What are Apideck credentials?
For select connectors, Apideck has established partnerships allowing you to integrate immediately without your own partnership. When using Apideck credentials, “Apideck” appears as the requesting application during OAuth.
Prerequisites & considerations
- Xero Developer Account (free at developer.xero.com)
- Partnership: required for >25 connections via the Xero App Partner Program. Certification requires onboarding at least 3 active customer connections within a 30-day period.
- Xero API pricing: free at Starter tier (up to 5 connections). Tiered pricing applies at scale based on connection count and API data egress. Premium endpoints (Journals, Xero Practice Manager) require the Advanced tier.
- Connection limits: 25 connections uncertified; unlimited as an App Partner
- Redirect URI: `https://unify.apideck.com/vault/callback` (or custom domain if certifying)
- Custom domain: required for App Partner certification — contact Apideck Support to configure
- IP whitelisting: not required
- Webhook setup: optional but recommended; requires additional configuration in the Xero Developer Portal
- For your consumers: any active Xero subscription. Standard or Adviser level user (Admin recommended). Consumers with multiple Xero organisations select which one to connect during OAuth; each organisation is a separate connection.
Responsibility matrix
| Area | Apideck | Partner | Customer |
|---|---|---|---|
| Create Xero Developer Account | — | — | ✓ |
| Register Xero App | Docs provided | — | ✓ |
| Add Credentials to Apideck | — | — | ✓ |
| Apply for App Partner Certification | Support available | — | ✓ (if >25 connections) |
| Set Up Custom Domain (Vault) | Configures on request | — | ✓ (if certifying) |
| Register Webhook (Optional) | Webhook URL provided | — | ✓ |
| Authorize Connection (OAuth) | Handles OAuth flow | ✓ | — |
| Build via Unified API | Maintains connector | — | ✓ |
| Token Refresh | ✓ Automatic | — | — |
| Monitor Connections | Logs and alerts | Can revoke anytime | Via dashboard |
Environments
- Sandbox & Production (shared credentials): Xero uses the same credential structure for sandbox and production — the connected Xero organisation determines which data is accessed. Testing options: the Xero Demo Company (included with every developer account, sample data) and a 30-day full-featured free trial via xero.com/signup.
- Multi-Organisation: When a consumer authorises your app, they choose which Xero organisation to connect. Consumers with multiple organisations require a separate connection per organisation.
🚨 Important to Know About Xero
Connection Limits & Partnership
- Uncertified apps are limited to 25 active connections
- App Partner certification requires onboarding 3 active customer connections within a 30-day period
- Certification involves multiple technical checkpoints and can take several months
- Consumers can install a maximum of 2 uncertified apps — if at the limit they must remove another uncertified app first
API Pricing (Effective March 2, 2026)
- Tiered, usage-based pricing replaces the 15% App Store revenue share
- Five tiers: Starter (free, 5 connections), Core, Plus, Advanced (~$895/mo, 10k connections), Enterprise
- Premium endpoints (Journals, Xero Practice Manager) require Advanced tier or above
- Separate from Apideck pricing
Authentication & Certification
- OAuth 2.0 with rotating refresh tokens — store the new token on every refresh
- Access tokens expire after 30 minutes (auto-refreshed by Apideck)
- Refresh tokens expire after 60 days if unused — consumer must re-authorise
- Certification compliance requires hiding the Apideck callback — a custom Vault domain must be configured before certification
Rate Limits
- 5,000 calls/day per organisation
- 60 calls/minute per organisation
- 5 concurrent calls/second
Platform Quirks
- Uses PUT for create and POST for upsert — opposite of REST convention
- Invoice updates restricted once partially or fully paid (only specific fields can change)
- Omitting an existing `line_item.id` in an update deletes that line item
- Credit note allocations must be managed via Apideck proxy
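The line-item quirk above can remove invoice lines without any error, so a pre-flight guard is worth having. The following is an added example, not Apideck's or Xero's own code. The payload shape (a list of dicts with `id`, `description`, `quantity`, `unit_price`) and both function names are assumptions made for illustration.

```python
"""Guard against implicit line-item deletion on invoice updates.

Assumed payload shape (not taken from the page): line items are a list of
dicts, and every item already stored on the invoice carries an "id" key.
"""


def dropped_line_item_ids(existing, outgoing):
    """Ids present on the stored invoice but absent from the update payload."""
    sent = {item["id"] for item in outgoing if item.get("id")}
    return [item["id"] for item in existing if item["id"] not in sent]


def build_line_items(existing, edits, delete_ids=()):
    """Return the full line-item list to send in an update.

    Every stored item is carried forward by id unless it is named in
    delete_ids, so a partial edit can never remove a line by omission.
    """
    by_id = {item["id"]: dict(item) for item in existing}  # copies, no mutation
    deleted = set(delete_ids)
    unknown = sorted(deleted - by_id.keys())
    if unknown:
        raise ValueError(f"cannot delete unknown line items: {unknown}")
    new_items = []
    for edit in edits:
        item_id = edit.get("id")
        if item_id is None:
            new_items.append(dict(edit))   # no id: a new line
        elif item_id in by_id:
            by_id[item_id].update(edit)    # change some fields, keep the rest
        else:
            raise ValueError(f"edit references unknown line item {item_id!r}")
    kept = [by_id[i["id"]] for i in existing if i["id"] not in deleted]
    return kept + new_items


# Constructed sample data: the invoice as currently stored.
STORED = [
    {"id": "li-1", "description": "Consulting", "quantity": 2, "unit_price": 100},
    {"id": "li-2", "description": "Hosting", "quantity": 1, "unit_price": 40},
]

if __name__ == "__main__":
    naive = [{"id": "li-1", "quantity": 3}]  # only the edited line is sent
    print("naive payload would delete:", dropped_line_item_ids(STORED, naive))
    safe = build_line_items(STORED, naive)
    print("safe payload would delete:", dropped_line_item_ids(STORED, safe))
```

Running `dropped_line_item_ids` against the payload just before sending, and refusing to send when it returns ids that were not explicitly marked for deletion, turns a silent data loss into a visible error.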
⚠️ 29 gotchas across 14 resources: connector-specific behaviors and limitations to be aware of
📦 23 supported resources: view field mappings, supported operations, and schema details