Set up Xero

Before you can access data from customers using Xero for their accounting, you need to set up a Xero integration in the Codat Portal. You'll need to:

  • Register a new application on Xero's developer portal.
  • Retrieve your application's secure keys from the Xero developer portal.
  • Add your secure keys in the Codat Portal.


Connection limits for OAuth 2.0 non-partner apps

Non-partner Xero OAuth 2.0 apps are limited to 25 connections. If your connections are growing quickly, Xero can increase this limit.

To remove the connection limit, you must gain partner status. For more information see Xero's site.

By default, all Xero integrations in Codat are created using OAuth 2.0.

Register your application

  1. Go to
  2. Log in using your Xero credentials (or create an account if you don’t already have one).
  3. Select New App.
  4. Enter the following:
  • In the App name box, add a short name for your application. Your customers see this when they authorise your connection to their accounting system.
  • In the Company or application URL box, add a link to your company's website.
  • In the OAuth 2.0 redirect URI box, enter the correct URI for the Codat environment you're using, either for:
    • Production:
    • UAT:
  1. Read and accept Xero's terms & conditions, and then select Create App.


Financial services providers

Non-partner Xero OAuth 2.0 apps are limited to 25 connections. To remove the connection limit, you must gain Partner status.

Xero have specific requirements about who can gain partner status and how they must build their integration. Xero partnership is not possible for all use cases and financial services providers may be subject to additional commercial terms. We strongly recommend that you speak with Xero before you build your integration.

If you are a financial services provider, contact your Codat sales or solutions representative to learn more. If you are not a financial services provider, contact [email protected] with the details of the application you are building.

Retrieve your application keys

Xero takes you to a page with some information about your new application.
You can access this page any time by selecting My Apps and choosing your application from the list.

  1. Scroll down to the OAuth 2.0 credentials section, and next to the Client Id box, select Copy.
  2. Next, select Generate a secret to retrieve your client secret.
    Note: If you either save this page or navigate away from it, you won't be able to view the same client secret again and you'll need to generate a new one. Make sure you copy the secret and store it in a safe place.
  3. When the Client Secret appears, keep this tab open. You'll need your secure keys for the next stage of the process.

Add your secure keys to Codat

  1. Open the Codat Portal and log in.
  2. In the left pane, select Integrations > Accounting.
  3. Scroll down to the Xero integration and select Manage.
  4. Choose what type of access to company data you wish to have for this integration: one-off or continuous.
  5. Enter the Client Id and Client Secret from your Xero app.
  6. Choose if you want to display the company confirmation page to your clients when they're linking to Xero. With this option on, Xero users connecting to Codat will first select their organisation on the Xero page and then confirm their choice in the Link flow.
  7. Save your settings.
  8. Enable your integration. Go back to Integrations > Accounting, and use the toggle to update the Xero integration from Disabled to Enabled.

Configuration of bank feeds

To create a direct Bank Feed using Xero's Bank Feeds API, you must POST Bank Transactions via the Codat API.

To do so you must fulfil the following pre-requisites.


Bank feeds prerequisites

  1. Have Xero Partner Status.
  2. Have the use of the Bank Feeds API enabled by Xero for your registered app. For more info see the Xero docs here.

If you do not have the above pre-requisites then you won't be able to set up a bank feed and push bank transactions to Xero. Instead, you will receive a 403 error that may appear as follows:

{ "type": "invalid-organisation-bank-feeds", "title": "Invalid Organisation", "status": 403, "detail": "The organisation does not support automated bank feeds." }

Did this page help you?