The Xero Customer API allows a solution provider to fetch and manipulate data on a per Xero customer basis e.g., get contact records for a particular Xero customer or add invoices to a particular Xero customer.
High level overview
Xero’s Customer API is organized around RESTful principles where each resource has a unique URI and HTTP verbs are used to specify the action to perform on that resource.
- Any request that requires a save action to be performed (either insert or update) should have a structured XML document contained in the HTTP request body. This XML document will be specific for each request.
- The Xero API is constantly changing and getting better and even though Xero will do it’s best to communicate any breaking changes, the service entry point is designed to handle versioning.
- The Xero API uses HTTPS to protect information as it is transmitted over the network. Implemented properly, this guarantees that information is encrypted (protected against eavesdropping) and provides endpoint authentication (protected against spoofing). Any non-secure requests are automatically rejected, so we recommend establishing a test connection with the secure API entry point before sending sensitive data.
- It should be noted that as a third party solution provider you take full responsibility for the security and privacy of all data extracted through the Xero Customer API.
- All Xero API calls require the partner to be authenticated using a key specific to them, as well as a key for a specific Xero organisation. Every response should be considered in the context of that organisation.
- Xero will manually provide a specific key to each partner.
- The Xero application will create customer keys, specific to that Partner interface, that can be copied from the Xero application, by the customer to link the Xero customer Key to the customer record in the partner system. Therefore the partner application would need to be modified to store this key.
- When a request is sent, the raw data can be viewed inside the Partner Console, so that the partner can check that their application is communicating as expected with Xero.
Xero provides the interface that allows the customer to get their Xero Customer Key under the Xero Network menu option:
Xero will also be able to supply Xero Customer Key’s to a provider if consent has been given by a customer to do so. The Xero Customer Key must be passed in as a parameter for every Xero Customer API request.