Create more granular accounting scopes (e.g. Sales - Invoice only)
Right now there is a very wide range of APIs wrapped up in the "accounting.transactions" scope, with no way to provide more granular access within these APIs (https://developer.xero.com/documentation/guides/oauth2/scopes#organisation-scopes).
This means that it's not possible to grant access to something quite narrow without also granting access to other things that are often not needed. For example, you cannot grant permission to create/manipulate Sales Invoices without also giving access to all Bank Transactions at the same time.
This problem is perhaps accentuated for Custom Connections, which are designed to be used for "in house" integrations, as ALL developers with access to maintain such a sales invoice integration would effectively have access to their colleagues' salaries and company bank balances, and nothing can be done to mitigate against this.
It feels like there should be an extra layer of scopes available, such as "accounting.transactions.invoice" or "accounting.transactions.sales".
I would also think this is quite easy to implement!
-
Trent Bagshaw commented
In order to provide access to Quotes I have to give access to wage-related Bank Transactions. This is... silly? Unless I'm missing something.
-
Y V commented
Please implement this feature
-
Noach Vogel commented
Please implement this important feature
-
M Gansburg commented
Please implement asap
-
Tobie Vogel commented
This is critical. Please implement ASAP
-
Mendy Jacobs commented
This is very important to us, can you please implement.
-
Yosef vogel commented
Please implement this.
-
MV commented
This is critical, please implement this, especially for invoices.
-
HC commented
It is a significant issue for us that we can't grant some users access to create/see invoices only via the API. Our users are effectively over-permissioned and we have to ask them not to look at sensitive information (such as account reconciliations). It's not a nice state to exist in.