xero-api-integration
Install command
npx skills add https://github.com/cleanexpo/ato --skill xero-api-integration
Skill documentation
Xero API Integration Skill
Secure, read-only integration with Xero accounting software for financial data extraction and analysis.
When to Use
Activate this skill when the task requires:
- Extracting financial data from Xero
- Generating accounting reports
- Analyzing transaction history
- Auditing chart of accounts
- Reviewing asset registers
⚠️ CRITICAL CONSTRAINT
READ-ONLY OPERATION
- Only read scopes are authorized
- NEVER modify any Xero data
- All changes are recommendations only
OAuth 2.0 Authentication
Required Scopes
```
offline_access                  # For refresh token
accounting.transactions.read    # Bank transactions, invoices, payments
accounting.reports.read         # Financial reports
accounting.contacts.read        # Suppliers and customers
accounting.settings.read        # Chart of accounts, organization info (plain accounting.settings also grants write)
openid profile email            # User identity
```
Authorization Flow
```
1. REDIRECT USER
   https://login.xero.com/identity/connect/authorize
     ?client_id={CLIENT_ID}
     &redirect_uri={REDIRECT_URI}
     &scope=offline_access accounting.transactions.read
            accounting.reports.read accounting.contacts.read
            accounting.settings.read openid profile email
     &response_type=code
     &state={STATE}
        │
        ▼
2. USER AUTHORIZES
   User logs into Xero
   Grants read-only access to organization
   Xero redirects to REDIRECT_URI with authorization code
        │
        ▼
3. EXCHANGE CODE FOR TOKENS
   POST https://identity.xero.com/connect/token
   Body: grant_type=authorization_code
         code={AUTH_CODE}
         redirect_uri={REDIRECT_URI}
   Headers: Authorization: Basic {base64(client_id:secret)}

   Response: access_token, refresh_token, expires_in
        │
        ▼
4. GET TENANT ID
   GET https://api.xero.com/connections
   Headers: Authorization: Bearer {access_token}

   Response: [{ tenantId, tenantType, tenantName }]
```
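Steps 1 and 2 of the flow, as an added TypeScript example that is not part of the skill's own code: it builds the authorize URL only from read-only scopes and checks `state` on the redirect before the code is exchanged. The function names, the 16-character minimum for `state`, and the rule that a scope is read-only when it ends in `.read` are assumptions of this example.

```typescript
// Added example; every name here is hypothetical, not part of the skill.
const AUTHORIZE_URL = "https://login.xero.com/identity/connect/authorize";
const IDENTITY_SCOPES = ["offline_access", "openid", "profile", "email"];

// Assumption: an API scope is read-only exactly when it ends in ".read".
function isReadOnlyScope(scope: string): boolean {
  if (IDENTITY_SCOPES.indexOf(scope) !== -1) return true;
  return /^[a-z]+(\.[a-z]+)*\.read$/.test(scope);
}

function buildAuthorizeUrl(clientId: string, redirectUri: string,
                           state: string, scopes: string[]): string {
  const rejected = scopes.filter(function (s) { return !isReadOnlyScope(s); });
  if (rejected.length > 0) {
    throw new Error("write-capable scope requested: " + rejected.join(", "));
  }
  // state must be unguessable and bound to this user's session (CSRF defence).
  if (state.length < 16) throw new Error("state too short to be unguessable");
  return AUTHORIZE_URL +
    "?response_type=code" +
    "&client_id=" + encodeURIComponent(clientId) +
    "&redirect_uri=" + encodeURIComponent(redirectUri) +
    "&scope=" + encodeURIComponent(scopes.join(" ")) +
    "&state=" + encodeURIComponent(state);
}

// Compare every character so timing does not reveal how much matched.
function sameString(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

type AuthCallback = { code?: string; state?: string; error?: string };

// Returns the authorization code only if the redirect belongs to our request.
function checkCallback(query: AuthCallback, expectedState: string): string {
  if (!query.state || !sameString(query.state, expectedState)) {
    throw new Error("state mismatch: discard this redirect");
  }
  if (query.error) throw new Error("authorization failed: " + query.error);
  if (!query.code) throw new Error("missing authorization code");
  return query.code;
}
```

The write-capable `accounting.settings` scope is rejected by `buildAuthorizeUrl`, which keeps the request in line with the read-only constraint.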
Token Refresh
```
POST https://identity.xero.com/connect/token
Body: grant_type=refresh_token
      refresh_token={REFRESH_TOKEN}
Headers: Authorization: Basic {base64(client_id:secret)}
```
API Endpoints
Organization Information
```
GET https://api.xero.com/api.xro/2.0/Organisation
Authorization: Bearer {access_token}
xero-tenant-id: {tenant_id}
```
Chart of Accounts
```
GET https://api.xero.com/api.xro/2.0/Accounts
Authorization: Bearer {access_token}
xero-tenant-id: {tenant_id}
```
Bank Transactions
```
GET https://api.xero.com/api.xro/2.0/BankTransactions
Authorization: Bearer {access_token}
xero-tenant-id: {tenant_id}

Parameters:
- where: Date>=DateTime(2024,07,01)
- page: 1
```
Invoices
```
GET https://api.xero.com/api.xro/2.0/Invoices
Authorization: Bearer {access_token}
xero-tenant-id: {tenant_id}

Parameters:
- where: Type=="ACCREC" AND Status!="DELETED"
- page: 1
```
Manual Journals
```
GET https://api.xero.com/api.xro/2.0/ManualJournals
Authorization: Bearer {access_token}
xero-tenant-id: {tenant_id}
```
Payments
```
GET https://api.xero.com/api.xro/2.0/Payments
Authorization: Bearer {access_token}
xero-tenant-id: {tenant_id}
```
Trial Balance Report
```
GET https://api.xero.com/api.xro/2.0/Reports/TrialBalance
Authorization: Bearer {access_token}
xero-tenant-id: {tenant_id}

Parameters:
- date: 2024-06-30
```
Profit and Loss Report
```
GET https://api.xero.com/api.xro/2.0/Reports/ProfitAndLoss
Authorization: Bearer {access_token}
xero-tenant-id: {tenant_id}

Parameters:
- fromDate: 2023-07-01
- toDate: 2024-06-30
```
Balance Sheet Report
```
GET https://api.xero.com/api.xro/2.0/Reports/BalanceSheet
Authorization: Bearer {access_token}
xero-tenant-id: {tenant_id}

Parameters:
- date: 2024-06-30
```
Fixed Assets
```
GET https://api.xero.com/assets.xro/1.0/Assets
Authorization: Bearer {access_token}
xero-tenant-id: {tenant_id}
# Requires the assets.read scope, which the Required Scopes list does not include
```
Contacts
```
GET https://api.xero.com/api.xro/2.0/Contacts
Authorization: Bearer {access_token}
xero-tenant-id: {tenant_id}
```
Data Extraction Process
```
1. AUTHENTICATE
   • Validate access token (refresh if expired)
   • Confirm tenant ID
   • Verify organization access
        │
        ▼
2. EXTRACT STRUCTURE
   • Fetch Organization info
   • Fetch Chart of Accounts
   • Identify account types and structure
        │
        ▼
3. EXTRACT REPORTS
   • Trial Balance (per FY)
   • Profit & Loss (per FY)
   • Balance Sheet (current)
   • Cache for analysis
        │
        ▼
4. EXTRACT TRANSACTIONS
   • Bank Transactions (paginated)
   • Invoices
   • Manual Journals
   • Payments
        │
        ▼
5. EXTRACT ASSETS
   • Fixed Asset Register
   • Depreciation schedules
```
Rate Limiting
| Limit Type | Value |
|---|---|
| Daily limit | 5,000 calls per tenant |
| Minute limit | 60 calls per minute |
| Concurrent limit | 4 pending requests |
Best Practices:
- Implement exponential backoff
- Cache responses where appropriate
- Use pagination efficiently
- Monitor rate limit headers
Error Handling
| Error | HTTP Code | Recovery |
|---|---|---|
| Token expired | 401 | Refresh token |
| Rate limited | 429 | Wait and retry |
| Not found | 404 | Check endpoint/params |
| Forbidden | 403 | Check scopes |
| Server error | 500+ | Retry with backoff |
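The recovery column above combined with the backoff advice under Rate Limiting, as an added example (not the skill's own code). `decideRecovery`, the retry budget of 5, and treating a `Retry-After` longer than 60 seconds as the daily limit are assumptions; the jitter value is passed in so the result is deterministic.

```typescript
// Added example; names and limits below are assumptions, not Xero's API.
type RecoveryDecision = {
  action: "refresh_token" | "retry" | "fail";
  delayMs?: number;
  reason?: string;
};

const MAX_ATTEMPTS = 5;          // retry budget per request
const BASE_DELAY_MS = 1000;
const MAX_DELAY_MS = 60000;      // the per-minute window resets within 60 s

// Exponential backoff with "equal jitter": half fixed, half random.
// jitter is a number in [0, 1); callers pass Math.random() in production.
function backoffMs(attempt: number, jitter: number): number {
  const ceiling = Math.min(MAX_DELAY_MS, BASE_DELAY_MS * Math.pow(2, attempt));
  return Math.floor(ceiling / 2 + (ceiling / 2) * jitter);
}

function decideRecovery(status: number, retryAfter: string | null, attempt: number,
                        alreadyRefreshed: boolean, jitter: number): RecoveryDecision {
  if (status === 401) {
    // A second 401 right after a refresh means the grant was revoked.
    return alreadyRefreshed
      ? { action: "fail", reason: "401 after refresh: user must re-authorize" }
      : { action: "refresh_token" };
  }
  if (status === 403) return { action: "fail", reason: "check granted scopes" };
  if (status === 404) return { action: "fail", reason: "check endpoint/params" };
  if (status !== 429 && status < 500) {
    return { action: "fail", reason: "unexpected status " + status };
  }
  if (attempt >= MAX_ATTEMPTS) return { action: "fail", reason: "retry budget spent" };
  if (status === 429 && retryAfter !== null) {
    const seconds = parseInt(retryAfter, 10);
    if (isFinite(seconds) && seconds >= 0) {
      // A long wait signals the daily limit: stop instead of sleeping for hours.
      if (seconds * 1000 > MAX_DELAY_MS) {
        return { action: "fail", reason: "daily limit reached; resume later" };
      }
      return { action: "retry", delayMs: seconds * 1000 };
    }
  }
  return { action: "retry", delayMs: backoffMs(attempt, jitter) };
}
```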
Security Requirements
- Token Storage
  - Encrypt tokens at rest
  - Never log access tokens
  - Secure refresh token storage
- API Calls
  - HTTPS only
  - Validate SSL certificates
  - Log API calls (not tokens)
- Authorization
  - Request minimal scopes
  - Verify tenant access
  - Handle revocation gracefully
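One way to meet "Log API calls (not tokens)", as an added example rather than code from the skill: a log-record builder that strips credentials from headers, form or JSON bodies, and callback URLs before anything is written. The function names, the `ApiCallRecord` shape and the `[REDACTED]` marker are assumptions of this example.

```typescript
// Added example; names are hypothetical. Fields that carry credentials in
// the token exchange, the refresh call and the redirect back from Xero.
const SECRET_FIELDS = ["access_token", "refresh_token", "id_token", "client_secret", "code"];
const FIELD_ALT = SECRET_FIELDS.join("|");
// key=value pairs in query strings and form-encoded bodies.
const FORM_RE = new RegExp("(^|[?&])(" + FIELD_ALT + ")=[^&#\\s]*", "g");
// "key":"value" pairs in JSON token responses.
const JSON_RE = new RegExp("\"(" + FIELD_ALT + ")\"\\s*:\\s*\"[^\"]*\"", "g");

function redactText(text: string): string {
  return text
    .replace(FORM_RE, "$1$2=[REDACTED]")
    .replace(JSON_RE, "\"$1\":\"[REDACTED]\"");
}

// Keep the scheme ("Bearer", "Basic") for debugging, drop the credential.
function redactHeaders(headers: { [name: string]: string }): { [name: string]: string } {
  const safe: { [name: string]: string } = {};
  for (const name of Object.keys(headers)) {
    const lower = name.toLowerCase();
    if (lower === "authorization") {
      safe[name] = headers[name].split(" ")[0] + " [REDACTED]";
    } else if (lower === "cookie" || lower === "set-cookie") {
      safe[name] = "[REDACTED]";
    } else {
      safe[name] = headers[name]; // xero-tenant-id stays: needed for audit
    }
  }
  return safe;
}

type ApiCallRecord = {
  method: string; url: string; status: number;
  headers: { [name: string]: string }; body?: string;
};

// Serialise one API call for the audit log with every secret removed.
function toLogRecord(call: ApiCallRecord): string {
  return JSON.stringify({
    method: call.method,
    url: redactText(call.url),
    status: call.status,
    headers: redactHeaders(call.headers),
    body: call.body === undefined ? undefined : redactText(call.body),
  });
}
```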
Output Data Structure
```typescript
interface XeroExtraction {
  organization: {
    name: string;
    abn: string;
    financialYearEndMonth: number;
  };
  accounts: Account[];
  reports: {
    trialBalance: Map<FY, Report>;
    profitAndLoss: Map<FY, Report>;
    balanceSheet: Report;
  };
  transactions: {
    bankTransactions: BankTransaction[];
    invoices: Invoice[];
    manualJournals: ManualJournal[];
    payments: Payment[];
  };
  assets: FixedAsset[];
  contacts: Contact[];
  metadata: {
    extractedAt: Date;
    financialYears: FY[];
    transactionCount: number;
  };
}
```
Financial Year Handling
```typescript
// Australian Financial Year: 1 July - 30 June
function getFinancialYear(date: Date): string {
  const month = date.getMonth(); // 0-11
  const year = date.getFullYear();

  if (month >= 6) { // July onwards
    return `FY${year}-${(year + 1).toString().slice(2)}`;
  } else {
    return `FY${year - 1}-${year.toString().slice(2)}`;
  }
}

// FY2024-25: 1 Jul 2024 - 30 Jun 2025
```