Thank you for the continued feedback and for your patience on this long‑running request. We know that programmatic bank reconciliation and AI‑driven workflows are increasingly important to many of you, and we understand the frustration that this capability is not available via the Xero API.
After reviewing this again with our legal, risk and banking teams, we have confirmed that we will not be adding the ability to reconcile bank statement lines via the API or to expose unreconciled bank statement data via the public API.
There are a few key reasons for this decision:
-
Regulatory and contractual obligations on raw bank data. Unreconciled bank statement lines are “raw” banking data – unmodified information that comes directly from banks. In markets such as Australia, this data is treated as banking data under consumer data rights regimes. Sharing it on to third parties (including via an open API) would require us to treat every consuming app as if it were a regulated data recipient, with substantial security, accreditation and liability obligations that sit on Xero as an intermediary as well as on those third parties. We have taken a policy decision not to operate as an intermediary for redistributing raw bank statement data.This ensures that the highest standards of banking security are maintained directly between the customer and their financial institution.
-
Our data‑sharing boundary: unreconciled vs reconciled data. We draw a clear line between:
- Unreconciled statement data, which is banking data supplied to us by banks and subject to the obligations above; and
- Reconciled transaction data, which has been improved within Xero (for example, matched to contacts, invoices or accounts) and for which Xero is the custodian on behalf of the customer.
- We can expose certain reconciled/derived data through specific endpoints such as the Finance API’s Bank Statements Plus in limited, finance‑focused scenarios, but those endpoints are not designed or licensed for broad, high‑volume access to raw bank feeds or for third‑party replication of Xero’s bank reconciliation engine.
-
Why “reconcile via the API” falls on the wrong side of that line. Supporting full reconciliation via the API would, in practice, require programmatic access to unreconciled statement lines and a way to push reconciliation decisions back into Xero. That would effectively recreate bank reconciliation workflows outside Xero while still relying on Xero to redistribute raw bank data, which is exactly the pattern our regulatory, security and contractual constraints are designed to avoid. For these reasons, this is not something we can safely or responsibly offer as an open API capability.
We recognise that a small number of existing partner applications continue to receive limited access to certain statement data under legacy, contract-specific arrangements that pre‑date this policy. These specific arrangements are strictly managed under heightened security and compliance terms. To ensure we meet our current regulatory and risk standards, we are not extending these legacy permissions to new partners or applying them to any new use cases.
We also hear the concern that “this is customer data and customers should be able to use it where they choose”. We agree that customers should have access to their own banking information, and open banking frameworks are designed to give customers direct access to that data from their bank or banking aggregator, without Xero sitting in the middle as a redistributor. For apps that need raw bank statements to power AI or other automation, the right pattern is to source that data directly from the bank or an accredited open‑banking provider, and then connect into Xero using the data structures we do expose.
Our strategy for bank reconciliation is to invest in automation inside Xero, where we can manage risk, performance and user experience end‑to‑end. That includes features such as bank rules, suggested matches, cash coding, and newer improvements like statement-period bank reconciliation, enhanced bank feeds, and our AI-powered automation features, rather than exposing the underlying feeds for external reconciliation logic.
We will continue to review our approach as regulation, banking connectivity and customer needs evolve, but we want to be clear and transparent that this specific request will remain declined under our current legal and risk framework. We genuinely appreciate the thought and passion that has gone into this thread, and we’ll keep focusing our efforts on making in‑product reconciliation as efficient and intelligent as we can, within those constraints.
+1 a lot of reconciliation is no brainer type stuff having a human manually click it really unnecessary and besides the humans get it wrong sometimes anyways - a lot of reconciliation could be easily automated with just a few edge cases remaining which jeeds a human intervention - across all the organisations you have literally lifetimes of people clicking mouse buttons endlessly
I understand about the limitations of the api etc
but seems like there must be an answer to this - the data we newd is already within the platform and you have permission for that we really just need to be able to create rules and execute them automatically
what about a kind of private api that could only operate within the platform and could not send or receive any other data?