If you’re a Xero Customer and you’re using our fmAccounting Link (Xero Edition) v1 for integrating with the Xero Cloud Accounting platform you should be well aware by now that Xero are moving from OAuth 1.0a to the industry standard OAuth 2.0 for handling authentication with the Xero API. The original deadline to move to OAuth 2.0 for private apps (which is what fmAccounting Link v1 uses for OAuth 1.0a connections) was 31 March 2021 but Xero have recently extended this out until 30 September 2021.
Many of our customers have already made the move to OAuth 2.0, either by upgrading to fmAccounting Link (Xero Edition) v2 which runs natively on the FileMaker 16 or higher platforms and doesn’t require a FileMaker plug-in, or updating an existing fmAccounting Link (Xero Edition) v1 integration. We contacted all our customers back in April 2020 about the options for moving to OAuth 2.0 – you can read the announcement here if you missed this at the time.
As part of the extension of the deadline for private apps until 30 September 2021 Xero have announced that they are working on a new premium, client credentials grant option for machine-to-machine integrations called Custom Connections. This will only be available to Xero subscribers in Australia, New Zealand and the UK. The standard OAuth 2.0 flow that fmAccounting Link already uses for authenticating with the Xero API will still be available (and remain free).
Custom Connections offers a number of advantages over the standard OAuth 2.0 flow, including removing the need to authorise the connection between fmAccounting Link and Xero from within the fmAccounting Link and not having to manage refresh tokens. A Custom Connection can only be connected to a single organisation, so overall the experience will be similar to how the OAuth 1.0a private apps worked.
We plan to offer support for Custom Connections in fmAccounting Link (Xero Edition) v2 once it becomes available in May – we’re currently working out the details about how to incorporate this with as little impact on the existing code as possible. As this is a premium subscription option on top of your existing Xero subscription and only available to Xero subscribers in Australia, New Zealand and the UK we will still support the standard OAuth 2.0 app flow that we currently offer.
Regardless of which option you end up choosing remember that you must update any existing Xero private app integrations that use OAuth 1.0a to OAuth 2.0 by 30 September 2021, otherwise your app will stop working after that. You should have received several notifications from Xero over the past 12 months alerting you to the upcoming deadline so please plan accordingly so your current integration will continue to work after 30 September 2021.
If you have any questions about upgrading your copy of fmAccounting Link (Xero Edition) v1 to use OAuth 2.0 please get in touch.