diff --git a/packages/backend/src/apps/xero/assets/favicon.svg b/packages/backend/src/apps/xero/assets/favicon.svg
new file mode 100644
index 00000000..e1cd725f
--- /dev/null
+++ b/packages/backend/src/apps/xero/assets/favicon.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/packages/backend/src/apps/xero/auth/generate-auth-url.ts b/packages/backend/src/apps/xero/auth/generate-auth-url.ts
new file mode 100644
index 00000000..aafd873e
--- /dev/null
+++ b/packages/backend/src/apps/xero/auth/generate-auth-url.ts
@@ -0,0 +1,22 @@
+import { IField, IGlobalVariable } from '@automatisch/types';
+import { URLSearchParams } from 'url';
+import authScope from '../common/auth-scope';
+
+export default async function generateAuthUrl($: IGlobalVariable) {
+ const oauthRedirectUrlField = $.app.auth.fields.find(
+ (field: IField) => field.key == 'oAuthRedirectUrl'
+ );
+ const redirectUri = oauthRedirectUrlField.value as string;
+ const searchParams = new URLSearchParams({
+ response_type: 'code',
+ client_id: $.auth.data.clientId as string,
+ scope: authScope.join(' '),
+ redirect_uri: redirectUri,
+ });
+
+ const url = `https://login.xero.com/identity/connect/authorize?${searchParams.toString()}`;
+
+ await $.auth.set({
+ url,
+ });
+}
diff --git a/packages/backend/src/apps/xero/auth/index.ts b/packages/backend/src/apps/xero/auth/index.ts
new file mode 100644
index 00000000..fe93971d
--- /dev/null
+++ b/packages/backend/src/apps/xero/auth/index.ts
@@ -0,0 +1,48 @@
+import generateAuthUrl from './generate-auth-url';
+import verifyCredentials from './verify-credentials';
+import refreshToken from './refresh-token';
+import isStillVerified from './is-still-verified';
+
+export default {
+ fields: [
+ {
+ key: 'oAuthRedirectUrl',
+ label: 'OAuth Redirect URL',
+ type: 'string' as const,
+ required: true,
+ readOnly: true,
+ value: '{WEB_APP_URL}/app/xero/connections/add',
+ placeholder: null,
+ description:
+ 'When asked to input a redirect URL in Xero, enter the URL above.',
+ clickToCopy: true,
+ },
+ {
+ key: 'clientId',
+ label: 'Client ID',
+ type: 'string' as const,
+ required: true,
+ readOnly: false,
+ value: null,
+ placeholder: null,
+ description: null,
+ clickToCopy: false,
+ },
+ {
+ key: 'clientSecret',
+ label: 'Client Secret',
+ type: 'string' as const,
+ required: true,
+ readOnly: false,
+ value: null,
+ placeholder: null,
+ description: null,
+ clickToCopy: false,
+ },
+ ],
+
+ generateAuthUrl,
+ verifyCredentials,
+ isStillVerified,
+ refreshToken,
+};
diff --git a/packages/backend/src/apps/xero/auth/is-still-verified.ts b/packages/backend/src/apps/xero/auth/is-still-verified.ts
new file mode 100644
index 00000000..f49edd77
--- /dev/null
+++ b/packages/backend/src/apps/xero/auth/is-still-verified.ts
@@ -0,0 +1,9 @@
+import { IGlobalVariable } from '@automatisch/types';
+import getCurrentUser from '../common/get-current-user';
+
+const isStillVerified = async ($: IGlobalVariable) => {
+ const currentUser = await getCurrentUser($);
+ return !!currentUser.tenantName;
+};
+
+export default isStillVerified;
diff --git a/packages/backend/src/apps/xero/auth/refresh-token.ts b/packages/backend/src/apps/xero/auth/refresh-token.ts
new file mode 100644
index 00000000..da36261f
--- /dev/null
+++ b/packages/backend/src/apps/xero/auth/refresh-token.ts
@@ -0,0 +1,39 @@
+import { URLSearchParams } from 'node:url';
+import { IGlobalVariable } from '@automatisch/types';
+import authScope from '../common/auth-scope';
+
+const refreshToken = async ($: IGlobalVariable) => {
+ const headers = {
+ Authorization: `Basic ${Buffer.from(
+ $.auth.data.clientId + ':' + $.auth.data.clientSecret
+ ).toString('base64')}`,
+ 'Content-Type': 'application/x-www-form-urlencoded',
+ };
+
+ const params = new URLSearchParams({
+ grant_type: 'refresh_token',
+ refresh_token: $.auth.data.refreshToken as string,
+ });
+
+ const { data } = await $.http.post(
+ 'https://identity.xero.com/connect/token',
+ params.toString(),
+ {
+ headers,
+ additionalProperties: {
+ skipAddingAuthHeader: true,
+ },
+ }
+ );
+
+ await $.auth.set({
+ accessToken: data.access_token,
+ refreshToken: data.refresh_token,
+ expiresIn: data.expires_in,
+ idToken: data.id_token,
+ scope: authScope.join(' '),
+ tokenType: data.token_type,
+ });
+};
+
+export default refreshToken;
diff --git a/packages/backend/src/apps/xero/auth/verify-credentials.ts b/packages/backend/src/apps/xero/auth/verify-credentials.ts
new file mode 100644
index 00000000..2b5770fe
--- /dev/null
+++ b/packages/backend/src/apps/xero/auth/verify-credentials.ts
@@ -0,0 +1,53 @@
+import { IField, IGlobalVariable } from '@automatisch/types';
+import getCurrentUser from '../common/get-current-user';
+import { URLSearchParams } from 'url';
+
+const verifyCredentials = async ($: IGlobalVariable) => {
+ const oauthRedirectUrlField = $.app.auth.fields.find(
+ (field: IField) => field.key == 'oAuthRedirectUrl'
+ );
+ const redirectUri = oauthRedirectUrlField.value as string;
+ const headers = {
+ Authorization: `Basic ${Buffer.from(
+ $.auth.data.clientId + ':' + $.auth.data.clientSecret
+ ).toString('base64')}`,
+ 'Content-Type': 'application/x-www-form-urlencoded',
+ };
+ const params = new URLSearchParams({
+ grant_type: 'authorization_code',
+ code: $.auth.data.code as string,
+ redirect_uri: redirectUri,
+ });
+
+ const { data } = await $.http.post(
+ 'https://identity.xero.com/connect/token',
+ params.toString(),
+ {
+ headers,
+ }
+ );
+
+ await $.auth.set({
+ accessToken: data.access_token,
+ tokenType: data.token_type,
+ idToken: data.id_token,
+ });
+
+ const currentUser = await getCurrentUser($);
+
+ const screenName = [currentUser.tenantName, currentUser.tenantType]
+ .filter(Boolean)
+ .join(' @ ');
+
+ await $.auth.set({
+ clientId: $.auth.data.clientId,
+ clientSecret: $.auth.data.clientSecret,
+ scope: $.auth.data.scope,
+ expiresIn: data.expires_in,
+ refreshToken: data.refresh_token,
+ tenantId: currentUser.tenantId,
+ screenName,
+ });
+};
+
+export default verifyCredentials;
diff --git a/packages/backend/src/apps/xero/common/add-auth-header.ts b/packages/backend/src/apps/xero/common/add-auth-header.ts
new file mode 100644
index 00000000..36e42e0f
--- /dev/null
+++ b/packages/backend/src/apps/xero/common/add-auth-header.ts
@@ -0,0 +1,18 @@
+import { TBeforeRequest } from '@automatisch/types';
+
+const addAuthHeader: TBeforeRequest = ($, requestConfig) => {
+ if (requestConfig.additionalProperties?.skipAddingAuthHeader)
+ return requestConfig;
+
+ if ($.auth.data?.accessToken) {
+ requestConfig.headers.Authorization = `${$.auth.data.tokenType} ${$.auth.data.accessToken}`;
+ }
+
+ if ($.auth.data?.tenantId) {
+ requestConfig.headers['Xero-tenant-id'] = $.auth.data.tenantId as string;
+ }
+
+ return requestConfig;
+};
+
+export default addAuthHeader;
diff --git a/packages/backend/src/apps/xero/common/auth-scope.ts b/packages/backend/src/apps/xero/common/auth-scope.ts
new file mode 100644
index 00000000..7a60349e
--- /dev/null
+++ b/packages/backend/src/apps/xero/common/auth-scope.ts
@@ -0,0 +1,9 @@
+const authScope: string[] = [
+ 'offline_access',
+ 'openid',
+ 'profile',
+ 'email',
+ 'accounting.transactions',
+];
+
+export default authScope;
diff --git a/packages/backend/src/apps/xero/common/get-current-user.ts b/packages/backend/src/apps/xero/common/get-current-user.ts
new file mode 100644
index 00000000..2eb6b308
--- /dev/null
+++ b/packages/backend/src/apps/xero/common/get-current-user.ts
@@ -0,0 +1,8 @@
+import { IGlobalVariable } from '@automatisch/types';
+
+const getCurrentUser = async ($: IGlobalVariable) => {
+ const { data: currentUser } = await $.http.get('/connections');
+ return currentUser[0];
+};
+
+export default getCurrentUser;
diff --git a/packages/backend/src/apps/xero/index.d.ts b/packages/backend/src/apps/xero/index.d.ts
new file mode 100644
index 00000000..e69de29b
diff --git a/packages/backend/src/apps/xero/index.ts b/packages/backend/src/apps/xero/index.ts
new file mode 100644
index 00000000..806e388e
--- /dev/null
+++ b/packages/backend/src/apps/xero/index.ts
@@ -0,0 +1,16 @@
+import defineApp from '../../helpers/define-app';
+import addAuthHeader from './common/add-auth-header';
+import auth from './auth';
+
+export default defineApp({
+ name: 'Xero',
+ key: 'xero',
+ baseUrl: 'https://go.xero.com',
+ apiBaseUrl: 'https://api.xero.com',
+ iconUrl: '{BASE_URL}/apps/xero/assets/favicon.svg',
+ authDocUrl: 'https://automatisch.io/docs/apps/xero/connection',
+ primaryColor: '13B5EA',
+ supportsConnections: true,
+ beforeRequest: [addAuthHeader],
+ auth,
+});
diff --git a/packages/docs/pages/apps/xero/connection.md b/packages/docs/pages/apps/xero/connection.md
new file mode 100644
index 00000000..d9a43d3b
--- /dev/null
+++ b/packages/docs/pages/apps/xero/connection.md
@@ -0,0 +1,18 @@
+# Xero
+
+:::info
+This page explains the steps you need to follow to set up the Xero
+connection in Automatisch. If any of the steps are outdated, please let us know!
+:::
+
+1. Go to [Xero developers page](https://developer.xero.com/app/manage).
+2. Click **New app** button in order to create an app.
+3. Fill the **Name** field and choose **Web App**.
+4. Fill the **Company or application URL** field.
+5. Copy **OAuth Redirect URL** from Automatisch to **Redirect URL** field.
+6. Check the terms and conditions checkbox.
+7. Click on the **Create app** button.
+8. Go to **Configuration** page and click the **Generate Client Secret** button.
+9. Copy the **Client id** value to the `Client ID` field on Automatisch.
+10. Copy the **Client secret 1** value to the `Client Secret` field on Automatisch.
+11. Start using Xero integration with Automatisch!
diff --git a/packages/docs/pages/public/favicons/xero.svg b/packages/docs/pages/public/favicons/xero.svg
new file mode 100644
index 00000000..e1cd725f
--- /dev/null
+++ b/packages/docs/pages/public/favicons/xero.svg
@@ -0,0 +1 @@
+
\ No newline at end of file