Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.



285A Gateshead Road, Borehamwood, Greater London, WD6 5LZ.


+44 203 488 9980

+0203 488 0088



A tool where multiple Xero Account users can add their Xero Accounts easily and can get daily statistics from Xero and store it locally for further analysis..





User flow and implementation:

  1. A button called “Connect to Xero” to start the process of integrating a user xero account.

  2. If the user clicks on this button, it redirects to Xero and asks the user to login if the user does not have an existing Xero session active.

  3. The user is requested to select the operations/services to which they want to grant the application access to.

  4. Once the application is authorised, the user is redirected to the application redirect URL already configured along with an “access token” for the pplication to use in future.

  5. Retrieving individual resources.

To retrieve a specific resource you can append its identifier to the end of the URL. The example below shows retrieving a specific contact using the HTTP GET method.



  • Successful responses return with a HTTP 200 status code

  • By default all successful API responses are returned as XML.

  • JSON formatted responses are also supported by setting the “Accept” value in the http header to “application/json” when making a request.

  • Individual Invoices and Credit Notes can also be returned in PDF format by setting the “Accept” value in the http header to “application/pdf”.


Integration and interaction diagrams:

1. Xero uthentication

2. Accessing Statistics


Requests for invoice:


URL:https://api.xero.com/api.xro/2.0/Invoices/ {parameters}

To retrieve all invoices for specific ID:

Contact.ContactID = Guid(“identifier”)

Example: https://api.xero.com/api.xro/2.0/Invoices?where=Contact.ContactID%20%3D%20Guid%28%22cd09aa49-134d-40fb-a52b-b63c6a91d712%22%29


PHP Library:

The XeroOAuth-PHP library can be used with all application types.



Problems faced:


1. Access Token Expiry: By default, the access token expires in 30 minutes. But once we get the application approved by Xero, we can get an accessToken with no expiry date. This is required for the continuous functioning of the application.


2. Daily Limit: There is a daily limit of 1000 API calls that a provider can make against a particular Xero organisation in a rolling 24 hour period. If you exceed this rate limit you will receive a HTTP 503 (Service Unavailable) response with the message.