Skip to content

Latest commit

 

History

History
217 lines (141 loc) · 7.66 KB

README.md

File metadata and controls

217 lines (141 loc) · 7.66 KB

Xero API wrapper Build Status Gem Version

Getting Started

This is a Ruby gem for communicating with the Xero API. You can find more information about the Xero API at https://developer.xero.com.

Installation

Just add the xero_gateway gem to your Gemfile, like so:

  gem 'xero_gateway'

Usage

  gateway = XeroGateway::Gateway.new(YOUR_OAUTH_CONSUMER_KEY, YOUR_OAUTH_CONSUMER_SECRET)

Authenticating with OAuth

The Xero Gateway uses OAuth 1.0a for authentication. Xero Gateway implements OAuth in a very similar manner to the Twitter gem by John Nunemaker , so if you've used that before this will all seem familiar.

Authenticating: Public/Partner Applications

Public (or Partner, if you've been through the process to be approved) are traditional three-legged OAuth apps that can be used to access many different Xero accounts.

  1. Get a Consumer Key & Secret

First off, you'll need to get a Consumer Key/Secret pair for your application from Xero.

Head to https://api.xero.com, log in and then click My Applications > Add Application.

Part of the process for this will ask you for an "OAuth Redirect URL". This is where customers will be redirected once they complete logging in with Xero.

On the right-hand-side of your application's page there's a box titled "OAuth Credentials". Use the Key and Secret from this box in order to set up a new Gateway instance.

  1. Create a Xero Gateway in your App
  gateway = XeroGateway::Gateway.new(YOUR_OAUTH_CONSUMER_KEY, YOUR_OAUTH_CONSUMER_SECRET)
  1. Creating a Request Token

You'll then need to get a Request Token from Xero.

  request_token = gateway.request_token

You should keep this around - you'll need it to exchange for an Access Token later. (If you're using Rails, this means storing it in the session or something similar)

Next, you need to redirect your user to the authorization url for this request token. In Rails, that looks something like this:

  redirect_to request_token.authorize_url

You may also provide a callback parameter, which is the URL within your app the user will be redirected to. You need to ensure that the domain and port match the callback URL you specified in the Xero Developer Center!

  request_token = request_token(oauth_callback: "https://yourapp.com/xero/callback")
  redirect_to request_token.authorize_url
  1. Retrieving an Access Token

If you've specified a Callback URL when setting up your application or provided an oauth_callback parameter on your request token, your user will be redirected to that URL with an OAuth Verifier as a GET parameter. You can then exchange your Request Token for an Access Token like this (assuming Rails, once again):

  gateway.authorize_from_request(request_token.token, request_token.secret, oauth_verifier: params[:oauth_verifier])

(If you haven't specified a Callback URL, the user will be presented with a numeric verifier which they must copy+paste into your application; see examples/oauth.rb for an example)

Now you can access Xero API methods:

  gateway.get_contacts
  # => #<XeroGateway::Response:0x007fd367181388 ...

Storing Access Tokens

You can also store the Access Token/Secret pair so that you can access the API without user intervention. Currently, these access tokens are only valid for 30 minutes, and will raise a XeroGateway::OAuth::TokenExpired exception if you attempt to access the API beyond the token's expiry time.

  access_token, access_secret = gateway.access_token

You can authorize a Gateway instance later on using the authorize_from_access method:

  gateway = XeroGateway::Gateway.new(XERO_CONSUMER_KEY, XERO_CONSUMER_SECRET)
  gateway.authorize_from_access(your_stored_token.access_token, your_stored_token.access_secret)

Authenticating: Private Applications

Private applications are used to access a single Xero account.

  1. Get a Consumer Key & Secret

Head to https://api.xero.com, log in and then click My Applications > Add Application.

You'll need to generate an RSA keypair and an X509 certificate. This can be done with OpenSSL as below:

  openssl genrsa -out privatekey.pem
  openssl req -newkey rsa:1024 -x509 -days 365 -in privatekey.pem -out publickey.cer

You can then copy publickey.cer and paste it into the certificate box (cat publickey.cer | pbcopy on a Mac 🍎)

Make sure you keep privatekey.pem about, as you'll need it to connect to Xero in your app.

  1. Create a Xero Gateway in your App

It's as easy as:

  require 'xero_gateway'
  gateway = XeroGateway::PrivateApp.new(YOUR_OAUTH_CONSUMER_KEY, YOUR_OAUTH_CONSUMER_SECRET, PATH_TO_YOUR_PRIVATE_KEY)

  pp gateway.get_contacts

Note that for private apps, your consumer key and secret do double duty as your access token and secret pair :)

Examples

Open examples/oauth.rb and change CONSUMER_KEY and CONSUMER_SECRET to the values for a Test OAuth Public Application in order to see an example of OAuth at work.

There's also examples/private_app.rb if you'd like to see an example private app.

If you're working with Rails, a controller similar to this might come in handy:

  class XeroSessionsController < ApplicationController

    before_action :get_xero_gateway

    def new
      session[:request_token]  = @xero_gateway.request_token.token
      session[:request_secret] = @xero_gateway.request_token.secret

      redirect_to @xero_gateway.request_token.authorize_url
    end

    def create
      @xero_gateway.authorize_from_request(session[:request_token], session[:request_secret],
                                           oauth_verifier: params[:oauth_verifier])

      session[:xero_auth] = { access_token:   @xero_gateway.access_token.token,
                              access_secret:  @xero_gateway.access_token.secret }

      session.data.delete(:request_token)
      session.data.delete(:request_secret)
    end

    def destroy
      session.data.delete(:xero_auth)
    end

    private

      def get_xero_gateway
        @xero_gateway = XeroGateway::Gateway.new(YOUR_OAUTH_CONSUMER_KEY, YOUR_OAUTH_CONSUMER_SECRET)
      end

  end

Note that I'm just storing the Access Token + Secret in the session here - you could equally store them in the database if you felt like refreshing them every 30 minutes ;)

API Methods

You can find a full listing of all implemented methods on the wiki page.

Logging

You can specify a logger to use (so you can track down those tricky exceptions) by using:

  gateway.logger = ActiveSupport::BufferedLogger.new("log_file_name.log")

Your logger simply needs to respond to info.

Contributing

We welcome contributions, thanks for pitching in! ✨

  1. Fork the repo
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Make sure you have some tests, and they pass! (bundle exec rake)
  4. Commit your changes (git commit -am 'Added some feature')
  5. Push to the branch (git push origin my-new-feature)
  6. Create new Pull Request

This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.