I have a VB.Net Application currently using OAuth 1.0 and this needs to be changed to 2.0 for Xero to continue to work. See email from Xero below.
Source code will be shared with my shortlist of applicants in order to review this prior to starting the job.
It’s time to move to OAuth 2.0
Xero is moving to the industry standard API authorization process, OAuth 2.0, with OAuth 1.0a being fully deprecated on March 2021. We’re getting in touch because we noticed you still have one or more private OAuth 1.0a apps.
We’ve been communicating this since late 2019, and we understand this is a big move. We want to ensure you know your options and have everything you need to make the transition as smooth as possible.
How this affects your Xero API integration/s
You can no longer create new OAuth 1.0a apps and any custom API integration (private app) that you’ve created will need to move to OAuth 2.0 before OAuth 1.0a is deprecated on 31 March 2021. There are a few ways to achieve this, so please choose the option that’s best for you and your customers.
Here are your options:
• Client credentials grant: We’re working on a premium, client credentials grant option - Custom Integrations - for machine-to-machine integrations. We’re hoping to have this ready
early 2021! Learn more.
• Proof Key for Code Exchange: PKCE makes it quick and easy for mobile and desktop app developers to build directly to the Xero API with no need to build a comms proxy or manage private app credentials for every connection. Learn more.
• Standard OAuth 2.0 app: You’ll still be able to build to the standard OAuth 2.0 flow if you prefer. Regular OAuth 2.0 apps will remain free to create and use. Learn more
• Check out the custom integrations FAQ on our Developer Center.
• Make sure you're subscribed to our developer newsletter to stay up to date.
• Need a hand? Find Developer Partners with experience building integrations with the Xero API.
How this affects your customers
Once you have a plan in place, you will need to communicate this to every Xero customer that your apps connect to. We recommend letting them know what the options are for migrating your app to OAuth 2.0, the timeframes you’re working toward and the steps they need to take.
If you have further questions, please contact our developer platform support team.