Interfacing to Xero using Oauth 1.0 without a big wrapper

Intro

This article explores what it takes to implement a simple Oauth 1.0 web service interface to a cloud based accounting application called Xero.

If you are an existing customer then the most likely reason you are reading this article is because you have to deal with a web service interface which requires Oauth 1.0.

If you just want to get information about implementing Oauth 1.0 with Xero then feel free to skip this section and go jump straight to the last section of this article.  If you want a bit more background, read on.

I became aware of Xero about a year ago and was intrigued about how I could improve our own internal operations using a modern accounting application that would be easy to integrate with using web services and our integration engine Iguana.

Xero doesn’t really position itself as an enterprise accounting system but as someone is who is a little obsessed with integration it struck me as an interesting experiment to see what we could achieve with a leveraging the APIs that Xero has to go well beyond what it was intended for.

By being able to use the API it makes it possible to use financial data in much more interesting ways than what the core of Xero itself offers.  Looking at account receivables for instance – making it easy and convenient for my management team and our account managers to get visibility into what the status is in this area for their accounts and so on.

On the whole applications like Microsoft Excel and Google sheets are powerful analytical tools to quickly see important trends in the data which have more flexibility than what comes with the pre-canned reports that any given accounting system has. APIs give the means to easily get the data out in an automated fashion and cross reference it with data from other systems like our customer relationship management (CRM) system.

As someone who has built my entire career around integration I found it hard not to be attracted to having a go at tackling this problem myself. I understand the problem domain very well and I have the technical skills required to get it done quickly. It also forces me to think about exactly what to report on.

So why Xero? Well I like intuitive software and in my experience a lot of enterprise software doesn’t come up to snuff in that area. Xero’s core functionality is pretty nice.  It’s core dashboard is a nice snapshot of what is going on.

It has an excellent eco-system of auxiliary applications that let my staff do automated expense reporting, it syncs up with feeds from our bank to make bank account reconciliation easier. The fact I can access it from the web without installing any software on my Macbook makes it very attractive – that was one thing that really annoyed me with our old accounting system which was only on windows.

Accounting wise our business isn’t all that complicated – we’re a software vendor in Canada – we mainly sell outside of Canada so most our sales are in USD as well as significant sales in Euros and a few other currencies. It seemed a reasonable bet to give Xero a try and see if we could make it work for our business.

Funnily enough Xero is a New Zealand based company out of Wellington which is where I was born and grew up.  That kind of closed the decision for me 🙂 Small world!

Positioning wise Xero isn’t really aimed at much smaller businesses than us.  You can see that in things like the fact that the permissions system doesn’t really support giving roles to say my sales team to only see invoices related to their accounts and so on.  But that’s where the power of APIs come in.  By extracting data and reporting on it it becomes easy to do things with Xero that go beyond what it was created for.

At the end of day every business receives money and pays out money. All the raw data is there and if you can easily automate extracting that data into tools like Microsoft Excel and Google Sheets then it is easy to use pivot tables to generate all manner of reports and dashboards to suit the needs of your business. It’s just a matter of organizing things a little to make sure data is tagged appropriately and great things can be done.

I’ve been doing that and it’s great – modern spreadsheets are great data processors.  They can crunch through data really quickly and so if I can get the source data into them in an automatic manner then I can get the quick overview of what is going on, look at actuals vs. our plan etc. etc.  But I want an easy way to populate the data directly into the sheets and also make that data available to whoever needs it in my company.

Iguana is an obvious solution to tackle the problem – it can sit in front of Xero and act as the gate keeper that controls what data is available and present it in a format that is easy to inhale into the spreadsheets we use for actual reporting.

So one challenge to overcome was to talk to Xero’s web apis.  Xero itself appears to be built on a Microsoft stack – you can see that from when it’s is given bad parameters and it raises errors that appear to come from Microsoft IIS.  The APIs require an early version of Oauth 1.0 to authenticate with.

Now Xero themselves are not really geared up to give a lot of direct information explaining how their implementation of Oauth 1.0 is done. They prefer customers to use wrapper libraries that implement the Oauth 1.0 protocol. Fair enough. That’s okay for getting a working proof of concept up and running but in my opinion not something I would want to support in production.

Leave a Reply