Key | Description | Sample Value | Required |
---|---|---|---|
access_token | OAuth access token used to authenticate API requests. | abcdefg | ✅ |
id_token | Token containing user identity details (if OpenID Connect scopes are requested). | abcdefg | ✅ |
start_date | The start date for syncing data. Format: YYYY-MM-DDTHH:MM:SSZ . | 2021-01-01T00:00:00Z | ✅ |
client_id | Client ID issued when you create your Xero app. | abcdefg | ✅ |
client_secret | Client secret generated when you create your Xero app. | abcdefg | ✅ |
tenant_id | Tenant ID associated with your Xero organization. | abcdefg | ✅ |
refresh_token | Refresh token used to renew the access token after expiration (requires offline_access scope). | abcdefg | ✅ |
accounting.settings.read
Required for the /Currencies
endpoint, which is called during discovery to verify:
access_token
is validtenant_id
is authorisedScope | Required For |
---|---|
accounting.settings.read | Organisation settings, currencies, etc. |
accounting.transactions.read | Invoices, bank transactions, payments |
accounting.contacts.read | Contacts |
accounting.reports.read | Reports |
accounting.journals.read | Journals |
accounting.attachments.read | Attachments |
offline_access | Long-lived access via refresh tokens |
401
or 403
errors.client_id
and client_secret
.access_token
, refresh_token
, id_token
, and tenant_id
.start_date
determines how far back data will be synced.offline_access
scope is enabled to receive a refresh_token
.refresh_token
to obtain new access_token
and id_token
values automatically./Currencies
endpoint to validate platform access before syncing.