PHP class for the Xero API V2
The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:
Please checkout the community project https://github.com/calcinai/xero-php
This repository has been archived and no further issues or pull requests will reviewed. Feel free to fork the repo and work with the code.
PHP library for working with the Xero OAuth API.
XeroOAuth-PHP is a sample library for use with the Xero API (http://developer.xero.com). The Xero API uses OAuth 1.0a, but we would not recommend using this library for other OAuth 1.0a APIs as the Xero API has one of the more advanced implementations (RSA-SHA1, etc) and thus has many configuration options not typically used in other APIs.
This library is designed to get a developer up and running quickly with the OAuth authentication layer, but there will be some customisation of its implementation required before it can be used in a production environment.
To get setup, you will need to modify the values in the _config.php file to your own requirements and application settings or see the customised example file for each different application type, public.php, private.php or partner.php.
There are a number of functions used when interacting with Xero:
The request function lies at the core of any communication with the API. There are a number of types of requests you may wish to make, all handled by the request() function.
request($method, $url, $parameters, $xml, $format)
Create a properly formatted request URL.
Once you get data back, you can pass it through the parseResponse function to turn it into something usable.
For public and partner API type applications using the 3-legged OAuth process, we need to redirect the user to Xero to authorise the API connection. To do so, redirect the user to a url generated with a call like this:
url("Authorize", '') . "?oauth_token=".$oauth_token."&scope=" . $scope;
For partner API applications where the 30 minute access tokens can be programatically refreshed via the API, you can use the refreshToken function:
refreshToken('the access token', 'the session handle')
As you are getting set up, you may run into a few configuration issues, particularly with some of the more advanced application types such as partner.
To make sure your configuration is correct, you can run a diagnostics function:
This returns an array of error messages (if there are any). These are in human readable form so should be enough to put you on the right track. If not, check the Xero developer centre and forum for more detail.
It would probably be a bad idea to run this in your production code as the errors returned ones only a developer can resolve, not the end user.
There are many reasons why an error may be encountered: data validation, token issues, authorisation revocation etc. It is important to inspect not just the HTTP response code, but also the associated error string.
A very basic error output function is included in the sample code, which outputs all available information related to an error. It would need to be substantially tidied up before the results could be surfaced in a production environment.
Understanding the type of message you are getting from the API could be useful. In each response that is not successful, a helper element is returned:
This software is published under the MIT License.
OAuthsimple.php contains minor adaptations from the OAuthSimple PHP class by United Heroes.
XeroOAuth class is based on code and structure derived from the tmhOAuth library.
Deprecated Entrust Certificates for Partner Apps by commenting out related code and updating base URL to api.xero.com
PHP7 support via @tomcastleman Moved releases to Github release function
Added composer support. Modified content-type so is also set for PUT requests
Added examples for CRU of tracking categories and options. Updated the CA certs to a recent one - warning that if you are using a very old version of curl you may get 'cert invalid' type error. Removed an unused function and tidied up comments on another to make them more sensible.
Merged some pull requests, addressed an issue with multiple calls having signature validation issues.
Merged a number of pull requests, tidied up formatting and extended sample tests.
Merged to master, added more tests and improved security handling for partner API apps.
Initial release candidate prepared and released to 'refactor' branch.