Simplifying Xero App Types for Integration

Reading documentation from various services can sometimes be overwhelming, lengthy, and can lead to misunderstandings or omissions. This is where our blog steps in, offering a comprehensive and streamlined overview to help developers gain a clearer understanding without having to wade through extensive documents. Our aim is to provide you with a bird’s-eye view of the different types of Xero apps and their uses, saving you time and effort.

 

Introduction

When integrating with Xero, choosing the right type of app is crucial. Xero offers three main types of applications, each designed for specific integration needs: Code Flow, PKCE Flow, and Custom Connection. Understanding these types will help you select the one that best fits your requirements. Let's delve into each type, their use cases, and their pros and cons.

1. Code Flow

• Best for:
  Web server applications that can securely store a client secret.
   
• Connection Limit:
  25 connections (unlimited after certification).
   
• Eligible for Marketplace:
  Yes.
   
• Offline Access:
  Yes.
   
• Cost:
  Free.
   
• Regional Availability:
  Global.
   

Use Case: This type is ideal for developers building server-side applications where the client secret can be securely stored. For example, a web-based accounting dashboard that interacts with Xero data can benefit from using Code Flow.

Pros:

• Can manage multiple connections.
   
• Eligible for listing on the Xero marketplace.
   
• Secure, as it requires a server to handle OAuth redirection.
   

Cons:

• Requires a web server to provide a redirect URL for OAuth, which complicates integration using simple Python scripts.
   
• More complex setup compared to other methods.
   

2. PKCE Flow

• Best for:
  Mobile and desktop applications that can't securely store a client secret (Single Page Applications - SPAs not currently supported).
   
• Connection Limit:
  25 connections (unlimited after certification).
   
• Eligible for Marketplace:
  Yes.
   
• Offline Access:
  Yes.
   
• Cost:
  Free.
   
• Regional Availability:
  Global.
   

Use Case: PKCE Flow is suitable for mobile and desktop applications where securely storing a client secret is not feasible. An example could be a mobile app that allows users to manage their invoices on the go, ensuring security without needing a stored client secret.

Pros:

• No need to store client secret, enhancing security for mobile and desktop apps.
   
• Can manage multiple connections.
   
• Supports offline access.
   

Cons:

• Not currently supported for Single Page Applications (SPAs).
   
• Requires a more complex initial setup compared to Custom Connection.
   

3. Custom Connection

• Best for:
  Backend, machine-to-machine integrations.
   
• Connection Limit:
  One connection.
   
• Eligible for Marketplace:
  No.
   
• Offline Access:
  Yes.
   
• Cost:
  Monthly fee on the Xero organization ($10/m AUD inc GST, $10/m NZD ex GST, £5/m GBP ex VAT).
   
• Regional Availability:
  UK, AU, and NZ Xero organizations only.
   

Use Case: Custom Connection is designed for backend integrations where direct interaction with the user is not required. Examples include automated data syncing between Xero and other internal systems, such as ERP or CRM systems.

Pros:

• Can be integrated using simple Python scripts without needing a server or redirect URL for OAuth.
   
• Directly call the API to obtain an access token and use it for further API calls.
   
• Ideal for backend and machine-to-machine integrations.

Cons:

• Limited to only one connection.
   
• Lacks the security benefits of OAuth 2.0 redirection.
   
• Incurs a monthly fee.

 

Choosing the Right App Type

When deciding which app type to use, consider the following:

• Security: If your app can securely store a client secret, Code Flow might be the best option. If not, PKCE Flow is more appropriate.
   
• User Interaction: For applications requiring user interaction (e.g., mobile or desktop apps), PKCE Flow is suitable. For machine-to-machine interactions, Custom Connection is ideal.
   
• Cost and Availability: Custom Connection involves a monthly fee and is limited to specific regions, whereas Code Flow and PKCE Flow are free and available globally.

 

Getting Started

1. Register Your App: Visit the Xero Developer Portal and register your app.
    
2. Select the App Type: Choose the appropriate app type based on your integration needs.
    
3. Follow the Authorization Flow: Implement the OAuth 2.0 flow as per the app type you selected.
    
4. Develop and Test: Use the Xero API documentation to develop and thoroughly test your app before going live.

 

Conclusion

By understanding the different types of Xero apps and their respective use cases, you can choose the best integration approach to meet your business requirements. While this blog provides a comprehensive overview, we strongly encourage developers to read the official Xero documentation for the most detailed and up-to-date information.