Configuration

To set up the Xero source, provide the following configuration parameters:
| Key | Description | Sample Value | Required |
| --- | --- | --- | --- |
| access_token | OAuth access token used to authenticate API requests. | abcdefg | |
| id_token | Token containing user identity details (if OpenID Connect scopes are requested). | abcdefg | |
| start_date | The start date for syncing data. Format: YYYY-MM-DDTHH:MM:SSZ. | 2021-01-01T00:00:00Z | |
| client_id | Client ID issued when you create your Xero app. | abcdefg | |
| client_secret | Client secret generated when you create your Xero app. | abcdefg | |
| tenant_id | Tenant ID associated with your Xero organization. | abcdefg | |
| refresh_token | Refresh token used to renew the access token after expiration (requires offline_access scope). | abcdefg | |

Required Xero OAuth2 Scopes

To use this source, you must grant your Xero app the following OAuth2 scopes.

Minimum Scope for Discovery

  • accounting.settings.read: Required for the /Currencies endpoint, which is called during discovery to verify:
    • Your access_token is valid
    • Your tenant_id is authorised
    • The app has the correct scopes
If this scope is missing, discovery will fail before any sync begins.

Scopes for Syncing All Streams

To sync all available streams, grant the following scopes:
| Scope | Required For |
| --- | --- |
| accounting.settings.read | Organisation settings, currencies, etc. |
| accounting.transactions.read | Invoices, bank transactions, payments |
| accounting.contacts.read | Contacts |
| accounting.reports.read | Reports |
| accounting.journals.read | Journals |
| accounting.attachments.read | Attachments |
| offline_access | Long-lived access via refresh tokens |

Note:
  • You only need scopes for the streams you plan to sync.
  • Missing scopes for a selected stream will result in 401 or 403 errors.

Example Scope String

accounting.settings.read
accounting.transactions.read
accounting.contacts.read
accounting.reports.read
accounting.journals.read
accounting.attachments.read
offline_access

How to Generate Credentials

Follow Xero’s OAuth 2.0 Authentication Flow guide to generate the required credentials:
  1. Register a new Xero app to get your client_id and client_secret.
  2. Set up the OAuth scopes your app requires.
  3. Complete the OAuth 2.0 authorization flow to obtain your access_token, refresh_token, id_token, and tenant_id.
  4. Store these securely in your configuration.

Additional Notes

  • The start_date determines how far back data will be synced.
  • Ensure that the offline_access scope is enabled to receive a refresh_token.
  • Tokens expire after a set period; use the refresh_token to obtain new access_token and id_token values automatically.
  • During setup, the connector calls the /Currencies endpoint to validate platform access before syncing.
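
A pre-flight check for the configuration and scope rules above, as an added example (not the connector's own code). It assumes the access_token is a JWT carrying exp and scope claims, and the stream labels in STREAM_SCOPES are hypothetical; the token is decoded for inspection only, without verifying its signature.

```python
import base64, json, time
from datetime import datetime

# Scope per stream group, from the table on this page. The keys are
# hypothetical labels, not the connector's actual stream names.
STREAM_SCOPES = {
    "settings": "accounting.settings.read",
    "transactions": "accounting.transactions.read",
    "contacts": "accounting.contacts.read",
    "reports": "accounting.reports.read",
    "journals": "accounting.journals.read",
    "attachments": "accounting.attachments.read",
}
DISCOVERY_SCOPE = "accounting.settings.read"  # used by the /Currencies check

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def preflight(config, streams, now=None):
    """Return the problems that would make discovery or a sync fail."""
    problems = []
    try:
        datetime.strptime(config["start_date"], "%Y-%m-%dT%H:%M:%SZ")
    except (KeyError, ValueError):
        problems.append("start_date must be YYYY-MM-DDTHH:MM:SSZ")
    try:
        claims = jwt_claims(config["access_token"])
    except (KeyError, IndexError, ValueError):
        return problems + ["access_token is missing or not a decodable JWT"]
    granted = claims.get("scope", [])  # assumed claim: list or space-separated
    granted = set(granted.split() if isinstance(granted, str) else granted)
    needed = {DISCOVERY_SCOPE} | {STREAM_SCOPES[s] for s in streams}
    problems += [f"missing scope: {s}" for s in sorted(needed - granted)]
    # Least privilege: accounting scopes granted but not needed by any stream.
    extra = {s for s in granted - needed if s.startswith("accounting.")}
    problems += [f"unneeded scope: {s}" for s in sorted(extra)]
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        if not config.get("refresh_token") or "offline_access" not in granted:
            problems.append("access_token expired and cannot be refreshed")
    return problems

if __name__ == "__main__":
    # Constructed, unsigned sample token: expired, with only two scopes granted.
    body = {"exp": 1, "scope": ["accounting.settings.read", "accounting.reports.read"]}
    b64 = base64.urlsafe_b64encode(json.dumps(body).encode()).rstrip(b"=").decode()
    cfg = {"access_token": f"e30.{b64}.sig", "start_date": "2021-01-01T00:00:00Z"}
    print("\n".join(preflight(cfg, ["contacts"])))
```

An empty list means the configuration satisfies the discovery scope, the selected streams' scopes, the start_date format, and token renewal.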