├── LICENSE ├── README.md ├── Xero OAuth1a.postman_collection.json ├── Xero.postman_environment.json └── images ├── access.png ├── create-public.png ├── credentials.png ├── env-variables.png ├── environment.png ├── organisation.png ├── request.png ├── select-env.png └── verifier.png /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Xero Developer API 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Xero-Postman 2 | A Postman collection for authenticating to the Xero API. Please note that this collection provides access using OAuth 1.0a. Our newer collection using OAuth 2.0 can be found [here](https://github.com/XeroAPI/xero-postman-oauth2). 3 | 4 | ## Steps to get up and running 5 | Follow these steps to quickly get up and running with the Xero API and Postman: 6 | 7 | ### 1. Import the Xero OAuth1a collection and Xero environment into Postman 8 | Click the button below and select the Desktop version of Postman (Chrome extension doesn't support environment variables): 9 | 10 | [![Run in Postman](https://run.pstmn.io/button.svg)](https://app.getpostman.com/run-collection/89e9403256e30d1c61be#?env%5BXero%5D=W3siZW5hYmxlZCI6dHJ1ZSwia2V5IjoiQ29uc3VtZXJLZXkiLCJ2YWx1ZSI6IiIsInR5cGUiOiJ0ZXh0In0seyJlbmFibGVkIjp0cnVlLCJrZXkiOiJDb25zdW1lclNlY3JldCIsInZhbHVlIjoiIiwidHlwZSI6InRleHQifSx7ImVuYWJsZWQiOnRydWUsImtleSI6Im9hdXRoX3Rva2VuIiwidmFsdWUiOiIiLCJ0eXBlIjoidGV4dCJ9LHsiZW5hYmxlZCI6dHJ1ZSwia2V5Ijoib2F1dGhfdG9rZW5fc2VjcmV0IiwidmFsdWUiOiIiLCJ0eXBlIjoidGV4dCJ9LHsiZW5hYmxlZCI6dHJ1ZSwia2V5IjoiVGltZXN0YW1wIiwidmFsdWUiOiIiLCJ0eXBlIjoidGV4dCJ9LHsiZW5hYmxlZCI6dHJ1ZSwia2V5IjoiTm9uY2UiLCJ2YWx1ZSI6IiIsInR5cGUiOiJ0ZXh0In1d) 11 | 12 | ### 2. Create a public app at https://developer.xero.com/myapps 13 | Go to the Xero developer portal and create a public app. 14 | 15 | *Note* Postman doesn't support the RSA SHA1 signing method so you can't use the partner or private app types. 16 | 17 | ![create a public app](images/create-public.png) 18 | 19 | If you haven't already signed up for a xero account you can do so [here](https://www.xero.com/signup/api/). 20 | 21 | ### 3. Add your consumer key and consumer secret to the Xero environment variables in Postman 22 | Copy the consumer key and consumer secret of your app into the ConsumerKey and ConsumerSecret environment variables in Postman. 23 | 24 | ![get credentials](images/credentials.png) 25 | 26 | ![manage environment](images/environment.png) 27 | 28 | ### 4. Select the Xero environment 29 | Select Xero from the environment drop-down menu in Postman 30 | 31 | ![select environment](images/select-env.png) 32 | 33 | ### 5. Get your request token 34 | Hit Send on the GET Request Token call in Postman. 35 | 36 | In the response section go to the Test Results tab and copy the authorization url. 37 | 38 | ![GET request token](images/request.png) 39 | 40 | ### 6. Get your oauth verifier 41 | Paste the authorization url into your browser, login to xero, select the org to connect to and copy the oauth verifier to your clipboard. 42 | 43 | ![GET oauth verifier](images/verifier.png) 44 | 45 | ### 7. Get your access token 46 | Select the Authorization tab, paste the verifier into the Verifier box under ADVANCED 47 | 48 | ![GET access token](images/access.png) 49 | 50 | Congrats! You're now authenticated and can start making API calls. Your access token will last for 30mins, after which time you'll need to report steps 4-6 to get a new token. 51 | 52 | ### 8. Make your first API call! 53 | Click Send on the GET Organisation request to make your first API call. 54 | 55 | ### 9. Import our OpenAPI definition 56 | Now that you're authenticated, import the [official Xero OpenAPI](https://github.com/XeroAPI/Xero-OpenAPI) (Swagger) description and import all the endpoints for the Accounting API. 57 | -------------------------------------------------------------------------------- /Xero OAuth1a.postman_collection.json: -------------------------------------------------------------------------------- 1 | { 2 | "info": { 3 | "name": "Xero OAuth1a", 4 | "_postman_id": "a6bb627b-b5c2-c2a5-abd6-8c08490f2c5f", 5 | "description": "A collection to authenticate to the Xero API using OAuth1.0a", 6 | "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" 7 | }, 8 | "item": [ 9 | { 10 | "name": "Request Token", 11 | "event": [ 12 | { 13 | "listen": "test", 14 | "script": { 15 | "type": "text/javascript", 16 | "exec": [ 17 | "var params = responseBody.split(\"&\");", 18 | "", 19 | "params.forEach(function (param) {", 20 | " var parts = param.split(\"=\");", 21 | " var key = parts[0];", 22 | " var val = parts[1];", 23 | " if (postman.getEnvironmentVariable(key) !== undefined) {", 24 | " postman.setEnvironmentVariable(key, val);", 25 | " }", 26 | "})", 27 | "", 28 | "tests[\"To get the oauth_verifier open this url in your browser https://api.xero.com/oauth/Authorize?oauth_token=\" + pm.environment.get(\"oauth_token\")] = true;" 29 | ] 30 | } 31 | }, 32 | { 33 | "listen": "prerequest", 34 | "script": { 35 | "type": "text/javascript", 36 | "exec": [ 37 | "postman.setEnvironmentVariable(\"oauth_token\", \"\");", 38 | "postman.setEnvironmentVariable(\"oauth_token_secret\", \"\");", 39 | "postman.setEnvironmentVariable(\"Timestamp\", \"\");", 40 | "postman.setEnvironmentVariable(\"Nonce\", \"\");" 41 | ] 42 | } 43 | } 44 | ], 45 | "request": { 46 | "auth": { 47 | "type": "oauth1", 48 | "oauth1": [ 49 | { 50 | "key": "consumerKey", 51 | "value": "{{ConsumerKey}}", 52 | "type": "string" 53 | }, 54 | { 55 | "key": "consumerSecret", 56 | "value": "{{ConsumerSecret}}", 57 | "type": "string" 58 | }, 59 | { 60 | "key": "token", 61 | "value": "{{oauth_token}}", 62 | "type": "string" 63 | }, 64 | { 65 | "key": "tokenSecret", 66 | "value": "{{oauth_token_secret}}", 67 | "type": "string" 68 | }, 69 | { 70 | "key": "signatureMethod", 71 | "value": "HMAC-SHA1", 72 | "type": "string" 73 | }, 74 | { 75 | "key": "timestamp", 76 | "value": "{{Timestamp}}", 77 | "type": "string" 78 | }, 79 | { 80 | "key": "nonce", 81 | "value": "{{Nonce}}", 82 | "type": "string" 83 | }, 84 | { 85 | "key": "version", 86 | "value": "1.0", 87 | "type": "string" 88 | }, 89 | { 90 | "key": "realm", 91 | "value": "", 92 | "type": "string" 93 | }, 94 | { 95 | "key": "addParamsToHeader", 96 | "value": true, 97 | "type": "boolean" 98 | }, 99 | { 100 | "key": "autoAddParam", 101 | "type": "any" 102 | }, 103 | { 104 | "key": "addEmptyParamsToSign", 105 | "value": false, 106 | "type": "boolean" 107 | } 108 | ] 109 | }, 110 | "method": "GET", 111 | "header": [ 112 | { 113 | "key": "Authorization", 114 | "value": "" 115 | } 116 | ], 117 | "body": {}, 118 | "url": { 119 | "raw": "https://api.xero.com/oauth/RequestToken", 120 | "protocol": "https", 121 | "host": [ 122 | "api", 123 | "xero", 124 | "com" 125 | ], 126 | "path": [ 127 | "oauth", 128 | "RequestToken" 129 | ] 130 | } 131 | }, 132 | "response": [] 133 | }, 134 | { 135 | "name": "Access Token", 136 | "event": [ 137 | { 138 | "listen": "test", 139 | "script": { 140 | "type": "text/javascript", 141 | "exec": [ 142 | "var params = responseBody.split(\"&\");", 143 | "", 144 | "params.forEach(function (param) {", 145 | " var parts = param.split(\"=\");", 146 | " var key = parts[0];", 147 | " var val = parts[1];", 148 | " if (postman.getEnvironmentVariable(key) !== undefined) {", 149 | " postman.setEnvironmentVariable(key, val);", 150 | " tests[\"Environment variable {{\" + key + \"}} is now set\"] = true;", 151 | " }", 152 | "})", 153 | "" 154 | ] 155 | } 156 | }, 157 | { 158 | "listen": "prerequest", 159 | "script": { 160 | "type": "text/javascript", 161 | "exec": [ 162 | "postman.setEnvironmentVariable(\"Timestamp\", \"\");", 163 | "postman.setEnvironmentVariable(\"Nonce\", \"\");" 164 | ] 165 | } 166 | } 167 | ], 168 | "request": { 169 | "auth": { 170 | "type": "oauth1", 171 | "oauth1": [ 172 | { 173 | "key": "consumerKey", 174 | "value": "{{ConsumerKey}}", 175 | "type": "string" 176 | }, 177 | { 178 | "key": "consumerSecret", 179 | "value": "{{ConsumerSecret}}", 180 | "type": "string" 181 | }, 182 | { 183 | "key": "token", 184 | "value": "{{oauth_token}}", 185 | "type": "string" 186 | }, 187 | { 188 | "key": "tokenSecret", 189 | "value": "{{oauth_token_secret}}", 190 | "type": "string" 191 | }, 192 | { 193 | "key": "signatureMethod", 194 | "value": "HMAC-SHA1", 195 | "type": "string" 196 | }, 197 | { 198 | "key": "timestamp", 199 | "value": "{{Timestamp}}", 200 | "type": "string" 201 | }, 202 | { 203 | "key": "nonce", 204 | "value": "{{Nonce}}", 205 | "type": "string" 206 | }, 207 | { 208 | "key": "version", 209 | "value": "1.0", 210 | "type": "string" 211 | }, 212 | { 213 | "key": "realm", 214 | "value": "", 215 | "type": "string" 216 | }, 217 | { 218 | "key": "addParamsToHeader", 219 | "value": true, 220 | "type": "boolean" 221 | }, 222 | { 223 | "key": "autoAddParam", 224 | "type": "any" 225 | }, 226 | { 227 | "key": "addEmptyParamsToSign", 228 | "value": false, 229 | "type": "boolean" 230 | } 231 | ] 232 | }, 233 | "method": "GET", 234 | "header": [ 235 | { 236 | "key": "Authorization", 237 | "value": "" 238 | } 239 | ], 240 | "body": {}, 241 | "url": { 242 | "raw": "https://api.xero.com/oauth/AccessToken?oauth_verifier=", 243 | "protocol": "https", 244 | "host": [ 245 | "api", 246 | "xero", 247 | "com" 248 | ], 249 | "path": [ 250 | "oauth", 251 | "AccessToken" 252 | ], 253 | "query": [ 254 | { 255 | "key": "oauth_verifier", 256 | "value": "", 257 | "equals": true 258 | } 259 | ] 260 | } 261 | }, 262 | "response": [] 263 | }, 264 | { 265 | "name": "Organisation", 266 | "event": [ 267 | { 268 | "listen": "prerequest", 269 | "script": { 270 | "type": "text/javascript", 271 | "exec": [ 272 | "postman.setEnvironmentVariable(\"Timestamp\", \"\");", 273 | "postman.setEnvironmentVariable(\"Nonce\", \"\");" 274 | ] 275 | } 276 | } 277 | ], 278 | "request": { 279 | "auth": { 280 | "type": "oauth1", 281 | "oauth1": [ 282 | { 283 | "key": "consumerKey", 284 | "value": "{{ConsumerKey}}", 285 | "type": "string" 286 | }, 287 | { 288 | "key": "consumerSecret", 289 | "value": "{{ConsumerSecret}}", 290 | "type": "string" 291 | }, 292 | { 293 | "key": "token", 294 | "value": "{{oauth_token}}", 295 | "type": "string" 296 | }, 297 | { 298 | "key": "tokenSecret", 299 | "value": "{{oauth_token_secret}}", 300 | "type": "string" 301 | }, 302 | { 303 | "key": "signatureMethod", 304 | "value": "HMAC-SHA1", 305 | "type": "string" 306 | }, 307 | { 308 | "key": "timestamp", 309 | "value": "{{Timestamp}}", 310 | "type": "number" 311 | }, 312 | { 313 | "key": "nonce", 314 | "value": "{{Nonce}}", 315 | "type": "string" 316 | }, 317 | { 318 | "key": "version", 319 | "value": "1.0", 320 | "type": "string" 321 | }, 322 | { 323 | "key": "realm", 324 | "value": "", 325 | "type": "string" 326 | }, 327 | { 328 | "key": "addParamsToHeader", 329 | "value": true, 330 | "type": "boolean" 331 | }, 332 | { 333 | "key": "autoAddParam", 334 | "type": "any" 335 | }, 336 | { 337 | "key": "addEmptyParamsToSign", 338 | "value": false, 339 | "type": "boolean" 340 | } 341 | ] 342 | }, 343 | "method": "GET", 344 | "header": [ 345 | { 346 | "key": "Authorization", 347 | "value": "" 348 | }, 349 | { 350 | "key": "accept", 351 | "value": "application/json" 352 | } 353 | ], 354 | "body": { 355 | "mode": "raw", 356 | "raw": "" 357 | }, 358 | "url": { 359 | "raw": "https://api.xero.com/api.xro/2.0/Organisation", 360 | "protocol": "https", 361 | "host": [ 362 | "api.xero.com" 363 | ], 364 | "path": [ 365 | "api.xro", 366 | "2.0", 367 | "Organisation" 368 | ] 369 | } 370 | }, 371 | "response": [] 372 | } 373 | ] 374 | } -------------------------------------------------------------------------------- /Xero.postman_environment.json: -------------------------------------------------------------------------------- 1 | { 2 | "id": "c7bcfffc-c185-6b0c-9c64-26e2c973ae6e", 3 | "name": "Xero", 4 | "values": [ 5 | { 6 | "enabled": true, 7 | "key": "ConsumerKey", 8 | "value": "", 9 | "type": "text" 10 | }, 11 | { 12 | "enabled": true, 13 | "key": "ConsumerSecret", 14 | "value": "", 15 | "type": "text" 16 | }, 17 | { 18 | "enabled": true, 19 | "key": "oauth_token", 20 | "value": "", 21 | "type": "text" 22 | }, 23 | { 24 | "enabled": true, 25 | "key": "oauth_token_secret", 26 | "value": "", 27 | "type": "text" 28 | }, 29 | { 30 | "enabled": true, 31 | "key": "Timestamp", 32 | "value": "", 33 | "type": "text" 34 | }, 35 | { 36 | "enabled": true, 37 | "key": "Nonce", 38 | "value": "", 39 | "type": "text" 40 | }, 41 | { 42 | "enabled": true, 43 | "key": "If-Modified-Since", 44 | "value": "", 45 | "type": "text" 46 | }, 47 | { 48 | "enabled": true, 49 | "key": "page", 50 | "value": "", 51 | "type": "text" 52 | }, 53 | { 54 | "enabled": true, 55 | "key": "offset", 56 | "value": "", 57 | "type": "text" 58 | }, 59 | { 60 | "enabled": true, 61 | "key": "paymentsOnly", 62 | "value": "", 63 | "type": "text" 64 | }, 65 | { 66 | "enabled": true, 67 | "key": "includeArchived", 68 | "value": "", 69 | "type": "text" 70 | }, 71 | { 72 | "enabled": true, 73 | "key": "where", 74 | "value": "", 75 | "type": "text" 76 | }, 77 | { 78 | "enabled": true, 79 | "key": "order", 80 | "value": "", 81 | "type": "text" 82 | }, 83 | { 84 | "enabled": true, 85 | "key": "unitdp", 86 | "value": "", 87 | "type": "text" 88 | }, 89 | { 90 | "enabled": true, 91 | "key": "summarizeErrors", 92 | "value": "", 93 | "type": "text" 94 | } 95 | ], 96 | "timestamp": 1511132392138, 97 | "_postman_variable_scope": "environment", 98 | "_postman_exported_at": "2017-11-19T23:59:40.066Z", 99 | "_postman_exported_using": "Postman/5.3.2" 100 | } -------------------------------------------------------------------------------- /images/access.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XeroAPI/Xero-Postman/1869c2eeaab8674f81cce9ef666a7759941f023f/images/access.png -------------------------------------------------------------------------------- /images/create-public.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XeroAPI/Xero-Postman/1869c2eeaab8674f81cce9ef666a7759941f023f/images/create-public.png -------------------------------------------------------------------------------- /images/credentials.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XeroAPI/Xero-Postman/1869c2eeaab8674f81cce9ef666a7759941f023f/images/credentials.png -------------------------------------------------------------------------------- /images/env-variables.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XeroAPI/Xero-Postman/1869c2eeaab8674f81cce9ef666a7759941f023f/images/env-variables.png -------------------------------------------------------------------------------- /images/environment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XeroAPI/Xero-Postman/1869c2eeaab8674f81cce9ef666a7759941f023f/images/environment.png -------------------------------------------------------------------------------- /images/organisation.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XeroAPI/Xero-Postman/1869c2eeaab8674f81cce9ef666a7759941f023f/images/organisation.png -------------------------------------------------------------------------------- /images/request.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XeroAPI/Xero-Postman/1869c2eeaab8674f81cce9ef666a7759941f023f/images/request.png -------------------------------------------------------------------------------- /images/select-env.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XeroAPI/Xero-Postman/1869c2eeaab8674f81cce9ef666a7759941f023f/images/select-env.png -------------------------------------------------------------------------------- /images/verifier.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/XeroAPI/Xero-Postman/1869c2eeaab8674f81cce9ef666a7759941f023f/images/verifier.png --------------------------------------------------------------------------------