xero-node
NodeJS Client for the Xero API, supporting Public, Private and Partner Apps
NodeJS Client for the Xero API. Works with ES5, ES6+ and TypeScript.
Supports all application types:
Version 3 has been rebuilt from the ground up using TypeScript, to make it more maintainable and to take advantage of modern JavaScript features.
get, put, post, delete) for calling any unsupported endpoints
This SDK is published as an npm package called xero-node.
npm install --save xero-node
Create a config.json file:
{
"appType": "private",
"consumerKey": "your_consumer_key",
"consumerSecret": "your_consumer_secret",
"callbackUrl": null,
"privateKeyPath": "C:\\keys\\your_private_key.pem"
}
Then add the following JavaScript (example works in NodeJS version 8 and above):
const XeroClient = require('xero-node').AccountingAPIClient;
const config = require('./config.json');
(async () => {
// You can initialise Private apps directly from your configuration
let xero = new XeroClient(config);
const result = await xero.invoices.get();
console.log('Number of invoices:', result.Invoices.length);
})();
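The config.json above keeps the consumer secret and the private key path next to the source code. As an added example (not part of xero-node), the sketch below builds the same config object from the environment and audits it before the client is constructed; the XERO_* variable names and both function names are assumptions made for this example.

```javascript
const fs = require('fs');

// Build the object the README's config.json describes from the environment.
// The XERO_* variable names are assumptions made for this example.
function configFromEnv(env = process.env) {
  const config = {
    appType: env.XERO_APP_TYPE,
    consumerKey: env.XERO_CONSUMER_KEY,
    consumerSecret: env.XERO_CONSUMER_SECRET,
    callbackUrl: env.XERO_CALLBACK_URL || null,
    privateKeyPath: env.XERO_PRIVATE_KEY_PATH
  };
  const problems = auditConfig(config);
  if (problems.length) throw new Error('Refusing to start: ' + problems.join('; '));
  return config;
}

// Returns a list of findings; an empty list means every check passed.
// statFn is injectable so the check can be exercised without touching disk.
function auditConfig(config, statFn = fs.statSync) {
  const problems = [];
  for (const field of ['appType', 'consumerKey', 'consumerSecret']) {
    if (!config[field]) problems.push(`${field} is missing`);
    else if (/^your_/.test(config[field])) problems.push(`${field} still holds the README placeholder`);
  }
  if (config.privateKeyPath) {
    try {
      const mode = statFn(config.privateKeyPath).mode & 0o777;
      // POSIX only: any group/other permission bit on the key file is a finding.
      if (process.platform !== 'win32' && (mode & 0o077) !== 0) {
        problems.push(`private key is accessible beyond its owner (mode ${mode.toString(8)})`);
      }
    } catch (err) {
      problems.push(`private key cannot be read: ${err.code || err.message}`);
    }
  }
  return problems;
}
```

The object returned by configFromEnv() can be passed to the client constructor in place of require('./config.json').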
Create a config.json file:
{
"appType": "public",
"consumerKey": "your_consumer_key",
"consumerSecret": "your_consumer_secret",
"callbackUrl": null,
"privateKeyPath": "C:\\keys\\your_private_key.pem"
}
Then add the following JavaScript (example works in NodeJS version 8 and above):
const XeroClient = require('xero-node').AccountingAPIClient;
const config = require('./config.json');
(async () => {
let xero = new XeroClient(config);
// Create request token and get an authorisation URL
const requestToken = await xero.oauth1Client.getRequestToken();
console.log('Received Request Token:', requestToken);
const authUrl = xero.oauth1Client.buildAuthoriseUrl(requestToken);
console.log('Authorisation URL:', authUrl);
// Send the user to the Authorisation URL to authorise the connection
// Once the user has authorised your app, swap Request token for Access token
const oauth_verifier = 123456;
const savedRequestToken = {
oauth_token: 'aaa',
oauth_token_secret: 'bbb'
};
const accessToken = await xero.oauth1Client.swapRequestTokenforAccessToken(savedRequestToken, oauth_verifier);
console.log('Received Access Token:', accessToken);
// You should now store the access token securely for the user.
// You can make API calls straight away
const result = await xero.invoices.get();
console.log('Number of invoices:', result.Invoices.length);
// When making future calls, you can initialise the Xero client directly with the stored access token:
const storedAccessToken = {
oauth_token: 'aaa',
oauth_token_secret: 'bbb',
oauth_session_handle: 'ccc',
oauth_expires_at: '2018-01-01T01:02:03'
};
const xero2 = new XeroClient(config, storedAccessToken);
const invoices = await xero2.invoices.get();
console.log('Number of invoices:', invoices.Invoices.length);
})();
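The example above says to store the access token securely and later reloads it as a plain object. One way to do that, shown as an added example that is not part of xero-node: encrypt the token object at rest with AES-256-GCM and check oauth_expires_at before reuse. The function names, the userId binding and the 32-byte key (assumed to come from a KMS or secrets manager) are assumptions made for this example.

```javascript
const crypto = require('crypto');

// Constructed sample: same shape and placeholder values as the stored token above.
const SAMPLE_TOKEN = {
  oauth_token: 'aaa',
  oauth_token_secret: 'bbb',
  oauth_session_handle: 'ccc',
  oauth_expires_at: '2018-01-01T01:02:03'
};

// Encrypt the token with AES-256-GCM before it is written to storage.
// `key` is a 32-byte Buffer, assumed to come from a KMS or secrets manager.
// `userId` (hypothetical) is bound in as AAD so a record cannot be moved
// to another user's row without failing authentication.
function sealToken(token, key, userId) {
  const iv = crypto.randomBytes(12); // fresh nonce for every record
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(userId, 'utf8'));
  const body = Buffer.concat([cipher.update(JSON.stringify(token), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Reverse of sealToken; throws if the key, the userId or any byte is wrong.
function openToken(sealed, key, userId) {
  const raw = Buffer.from(sealed, 'base64');
  if (raw.length < 28) throw new Error('sealed token is truncated');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(userId, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Fail closed: a missing or unparsable oauth_expires_at counts as expired.
// Date.parse reads a timestamp without a UTC offset as local time.
function isExpired(token, now = new Date(), skewSeconds = 60) {
  const expiresAt = Date.parse(token.oauth_expires_at);
  if (Number.isNaN(expiresAt)) return true;
  return now.getTime() + skewSeconds * 1000 >= expiresAt;
}
```

Store only the string returned by sealToken(); the object returned by openToken() has the same shape as storedAccessToken in the example above.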
There are lots of TODOs in code and on our GitHub Projects kanban board - feel free to pick one off.
After you clone the repository, run npm install to install required dependencies.
private-config-example.json to private-config.json in the integration test directory.
partner-config-example.json if required.)
npm test
A simple and intuitive interface, e.g.:
PUT https://api.xero.com/api.xro/2.0/ContactGroups/b05466c8-dc54-4ff8-8f17-9d7008a2e44b/Contacts
becomes:
xero.contacts.contactGroups.create(contact)
Matching SDK method names to endpoints allows consumers to read the official API documentation and translate it to SDK method calls quickly.
Rather than using HTTP verbs (.put(), .post(), etc.), the SDK will use actions, for example get(), create(), delete(), update(). This abstracts away Xero's funny PUT vs POST.
A simple and single OAuth flow. Rather than automatically refreshing tokens, the SDK will expose methods for the OAuth operations, e.g. refreshing tokens. OAuth2 is also being considered.
Abstracted underlying OAuth/HTTP lib. This will allow swapping it out if needed. The SDK won't bleed the OAuth lib's exception types onto the consumer when it hits a 500/400 etc. Having an OAuth/HTTP layer will allow reuse and extension to other APIs (Payroll, Expenses etc).
Minimal to no entity/request/response validation. A consumer will pass in JSON and get JSON out. There will be no manipulation of data along the way. Helper methods, if asked for, will be provided by a separate module. This will reduce maintenance costs.
Unit tests!
Writing the SDK in TypeScript will allow us to provide TS types for the API's contracts, and it's what we use internally at Xero. This will also aid in self-generated docs.
@philals @iamam34 @bryanlloydtee @dannyvincent @dupski
FAQs
Xero NodeJS OAuth 2.0 client for xero-node
The npm package xero-node receives a total of 56,250 weekly downloads. As such, xero-node popularity was classified as popular.
We found that xero-node demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.