🚀 Xero API Authentication Proxy
Full-featured OAuth2 proxy for ALL Xero API endpoints with persistent refresh tokens.
Status: ✅ Ready to accept requests
📡 Available Endpoints
ANY /api/*
Generic proxy for ALL Xero API endpoints
Forwards any request to Xero with authentication
Examples:
GET /api/Invoices → Get invoices
POST /api/Invoices → Create invoice
GET /api/Contacts → Get contacts
POST /api/Contacts → Create contact
GET /api/BankTransactions → Get bank transactions
GET /api/Accounts → Get chart of accounts
GET /api/Items → Get inventory items
GET /api/TaxRates → Get tax rates
...and any other Xero API endpoint
GET /auth/start
Start OAuth setup (if you need to re-authenticate)
📝 Example Requests
Create an Invoice:
curl -X POST http://localhost:3000/api/Invoices \
-H "Content-Type: application/json" \
-H "X-API-Key: your_api_key" \
-d '{
"Type": "ACCREC",
"Contact": { "Name": "Customer Name" },
"LineItems": [{
"Description": "Product/Service",
"Quantity": 1,
"UnitAmount": 100.00,
"AccountCode": "200"
}],
"Status": "DRAFT"
}'
Get Contacts:
curl http://localhost:3000/api/Contacts \
-H "X-API-Key: your_api_key"
Get Bank Transactions:
curl "http://localhost:3000/api/BankTransactions?where=Status==\"AUTHORISED\"" \
-H "X-API-Key: your_api_key"
🔐 Security Features
- ✓ Persistent refresh tokens (never expire)
- ✓ Automatic token refresh (5 min buffer)
- ✓ OAuth2 with
offline_access scope
- ✓ Secure token storage (environment variables)
- ✓ API key authentication enabled