9 results found
-
Create more granular accounting scopes (eg: Sales - Invoice only)
Right now there is a very wide range of APIs wrapped up in the "accounting.transactions" scope, with no way to provide more granular access within these APIs (https://developer.xero.com/documentation/guides/oauth2/scopes#organisation-scopes).
This means that it's not possible to grant access to something quite narrow without also granting access to other things that are often not needed. For example, you cannot grant permission to creating/manipulating Sales Invoices without also giving access to all Bank Transactions at the same time.
This problem is perhaps accentuated for Custom Connections, which are designed to be used for "in house" integrations, as ALL developers with access…
165 votesFollowing up on this - we've shared the idea with the relevant team, and while we recognise that more granualr scopes could be beneficial for a number of reasons this has wide reaching impacts and unfortunately it's not something we're planning to move forward with right now. We truly appreciate your input, so we'll keep this idea open so others can still vote or add their thoughts, and if priorities shift down the track we may revisit the idea. Thanks again!
-
Return linked Tenant ID in the auth response
When a user has access to multiple Xero accounts it would be great to know the Tenant ID of the account they linked in the auth response.
20 votes -
Be able to specify the company required at login
We are operating with multiple companies within a single Xero account. It would be more secure if we could pre-select a company rather than leaving it to the user to select one after they have logged on.
In PHP we call
$XeroOAuth->request('GET', $XeroOAuth->url('RequestToken', ''), $params);i.e. Can we include the company in the $params?
10 votes -
Allow Invoice only users to use the API
As seen on this link: https://developer.xero.com/faq/permissions#user-permissions , currently only standard users can use the API, however, this makes no sense for my use case, and this is probably the same for other people.
Right now I'm trying to build an app that will automatically create invoices and email them to the contacts, however, I do not want to connect a standard full user to my application, as the returned access token will have full access to all my banking account statements whereas all I need I to create a Sales Invoice, which could be done with a "Sales Invoice only"…
9 votes -
Provide Service account for machine to machine authentication
Provide Service account for machine to machine authentication
For process to run via machine to machine so user interaction is not required. Saving of token or refresh token is not required, prevent hacking due to unsecure tokens.
Similar to Google using OAuth 2.0 for Server to Server Applications
https://developers.google.com/identity/protocols/oauth2/service-accountFor WorkFlowMax and Xero APIs
7 votes -
List all organisations of users after authenticated with a xero app
I am an accountant, here is my suggestion i just create an app on xero and ask my clients to authenticate with the app. After authentication i need list of organisation of my client and basic organisation details .
2 votes -
Replace / Fix inaccurate text when non-Admin user attempts to connect via API
This idea will take about 15 minutes to implement, so I hope it is looked at soon.
When a non-Admin user attempts to connect a Partner App to Xero via the API, they are given an inaccurate message. The message reads
"You don't have a Xero Organisation yet."
This is inaccurate, as they often do have a Xero Organisation but are not an Admin. This leads to wasted time, support calls, irritated users, and unhappy partners.
Please replace that above message with something like
"You are not an Administrator of any Xero Organisations yet."
https://breadwinner.com/wp-content/uploads/2017/12/Xero-inacurate-error-message.png
2 votes -
SUGGESTION
Services which are you guys are providing it's awesome , but the documentation which you have provided is not helpful at all . .. documentation should be user friendly and simple so that developers can easily integrate on their site .
1 vote -
Long lived tokens for testing purposes
Our challenge is with our test and verification setup: we have 4 stages of pre-production environments and every environment runs CI (Jenkins) with full tests each night and relevant tests with each code push. With this setup it is very challenging to share and update shared refresh tokens.
We would like long lived tokens (access and/or refresh) for testing purposes only.
Other services we work with have been able to change settings on app/client id level.1 vote
- Don't see your idea?