4

I have a .NET Core web API server that I connect to from a mobile application. The server creates an invoice on Xero and sends the user an email, etc.

I have been using OAuth 1 with no issues, but now need to switch to OAuth 2. As there is no front end-user on the API server, can this still be accomplished?

All the documentation I read seems to need a manual login to grant authorization and get an access token?

I was using the XeroApi settings in my appsettings.json file with a pfx certificate and a private app.

I am using the C# SDK.

Thanks in advance :-)

1 Answer

3

You'll need a user from the Xero organisation to go through the OAuth 2.0 flow at least once to retrieve an access token. If you request the offline_access scope during this flow, you'll receive a refresh token as well; this will enable you to refresh the access token from your web server on an ongoing basis, without user intervention.

So yep, you'll need a manual login at least once, but as long as you request & retain the refresh token from that initial flow, once should be enough.

rustyskates
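The server-side half of the answer above, as an added C# example that is not from the post or from the Xero SDK: it uses the standard OAuth 2.0 refresh_token grant (RFC 6749, section 6) to renew the access token without a user and retains whatever refresh token comes back. The class name, the file used to hold the refresh token, HTTP Basic client authentication and the injected `tokenEndpoint` (take the URL from Xero's documentation) are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical helper (not part of the Xero C# SDK): keeps a server-side access token fresh.
public sealed class RefreshingTokenSource
{
    private readonly HttpClient _http;
    private readonly Uri _tokenEndpoint;   // assumption: supplied from the provider's documentation
    private readonly string _clientId, _clientSecret, _refreshTokenPath;
    private readonly SemaphoreSlim _gate = new SemaphoreSlim(1, 1);
    private string _accessToken;
    private DateTimeOffset _expiresAt = DateTimeOffset.MinValue;
    public RefreshingTokenSource(HttpClient http, Uri tokenEndpoint, string clientId,
                                 string clientSecret, string refreshTokenPath) =>
        (_http, _tokenEndpoint, _clientId, _clientSecret, _refreshTokenPath) =
            (http, tokenEndpoint, clientId, clientSecret, refreshTokenPath);
    public async Task<string> GetAccessTokenAsync(CancellationToken ct = default)
    {
        await _gate.WaitAsync(ct);   // serialize refreshes so one refresh token is never sent twice
        try
        {
            // Reuse the cached access token until 60 seconds before it expires.
            if (_accessToken != null && DateTimeOffset.UtcNow < _expiresAt.AddSeconds(-60)) return _accessToken;
            var form = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                ["grant_type"] = "refresh_token",
                ["refresh_token"] = (await File.ReadAllTextAsync(_refreshTokenPath, ct)).Trim()
            });
            var request = new HttpRequestMessage(HttpMethod.Post, _tokenEndpoint) { Content = form };
            request.Headers.Authorization = new AuthenticationHeaderValue("Basic",
                Convert.ToBase64String(Encoding.UTF8.GetBytes($"{_clientId}:{_clientSecret}")));
            using var response = await _http.SendAsync(request, ct);
            response.EnsureSuccessStatusCode();   // throws on error, e.g. a revoked or expired refresh token
            using var json = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
            // If the server issued a new refresh token, persist it before using the new access token.
            if (json.RootElement.TryGetProperty("refresh_token", out var rotated))
                await File.WriteAllTextAsync(_refreshTokenPath, rotated.GetString(), ct);
            _accessToken = json.RootElement.GetProperty("access_token").GetString();
            _expiresAt = DateTimeOffset.UtcNow.AddSeconds(json.RootElement.GetProperty("expires_in").GetInt32());
            return _accessToken;
        }
        finally { _gate.Release(); }
    }
}
```

Seed the file once with the refresh token returned by the interactive flow. The refresh token grants ongoing access to the organisation, so in production keep it in a secret store with restricted access rather than a plain file.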