NAME

WebService::Xero::Agent::PublicApplication - Connects to Xero Public Application API

VERSION

Version 0.11

SYNOPSIS

Public Applications

Public applications use a 3-legged authorisation process. A user will need to authorise your application against each organisation that you want access to. For a great description of the 3-legged flow see http://oauthbible.com/#oauth-10a-three-legged .

For a working example that uses Mojolicious Web Framework see https://github.com/pscott-au/mojolicious-xero-public-app-demo

XERO PUBLIC APPLICATION API CONFIGURATION

Public applications are configured in the Xero Developer API Console. These setting are used in your application to access your user's Xero Accounting data through Xero's Public Application API.

Your users will be directed from your website to Xero and asked for access confirmation. If they agree your application will use an Access Token to query Xero data for the life of the session (up to 30 minutes).

You application can then access the Xero Services to retrieve, update and create contact, invoices etc.

See https://app.xero.com/Application for more detail.

TODO

METHODS

get_request_token()

Takes the callback URL as a parameter which is used to create the request for
a request token. The request is submitted to Xero and if successful this
method eturns the Token and sets the 'login_url' property of the agent.

Assumes that the public application API configuration is set in the agent ( CONSUMER KEY and SECRET )

get_access_token()

When Xero redirects the user back to the application it includes parameters that
when combined with the previously generated token can be used to create an access
token that can access the Xero API services directly.

INPUT PARAMETERS AS A LIST ( NOT NAMED )

$oauth_token oauth_token GET Param includes in the redirected request back from Xero $oauth_verifier auth_verifier GET Param includes in the redirected request back from Xero $org org GET Param includes in the redirected request back from Xero $stored_token_secret $stored_token

When the Xero callback redirect returns the user to the application after authorising the
app in Xero, the get params oauth_token and oauth_verifier are included in the URL which

do_xero_api_call()

INPUT PARAMETERS AS A LIST ( NOT NAMED )

* $uri (required) - the API endpoint URI ( eg 'https://api.xero.com/api.xro/2.0/Contacts/') * $method (optional) - 'POST' or 'GET' .. PUT not currently supported * $xml (optional) - the payload for POST updates as XML

RETURNS

  The response is requested in JSON format which is then processed into a Perl structure that
  is returned to the caller.

The OAuth Dance

Public Applications require the negotiation of a token by directing the user to Xero to authenticate and accepting the callback as the user is redirected to your application.

To implement you need to persist token details across multiple user web page requests in your application.

To fully understand the integration implementation requirements it is useful to familiarise yourself with the terminology.

OAUTH 1.0a TERMINOLOGY

Authentication occurs in 3 steps (legs):

Step 1 - Get an Unauthorised Request Token

use WebService::Xero::Agent::PublicApplication;

my $xero = WebService::Xero::Agent::PublicApplication->new( CONSUMER_KEY    => 'YOUR_OAUTH_CONSUMER_KEY', 
                                                      CONSUMER_SECRET => 'YOUR_OAUTH_CONSUMER_SECRET', 
                                                      CALLBACK_URL    => 'http://localhost/xero_tester.cgi'
                                                      );
my $callback_url = 'http://localhost/cgi-bin/test_xero_public_application.cgi'; ## NB Domain must be configured in Xero App Config
$xero->get_request_token(  $callback_url ); ## This generates the token to include in the user redirect (A)
## NB need to store $xero->{oauth_token},$xero->{oauth_token_secret} in persistent storage as will be required at later steps for this session.
print $xero->{login_url}; ## need to include a link to this URL in your app for the user to click on    (B)

Step 2 - Redirect User

user click on link to $xero->{login_url} which takes them to Xero - when they authorise your app they are redirected back to your callback URL (C)(D)

Step 3 - Swap a Request Token for an Access Token

 The callback URL includes extra GET parameters that are used with the token details stored earlier to obtain an access token.
 
my $oauth_verifier = $cgi->url_param('oauth_verifier');
my $org            = $cgi->param('org');
my $oauth_token    = $cgi->url_param('oauth_token');

$xero->get_access_token( $oauth_token, $oauth_verifier, $org, $stored_token_secret, $stored_oauth_token ); ## (E)(F)

Step 4 - Access the Xero API using the access token

my $contact_struct = $xero->do_xero_api_call( 'https://api.xero.com/api.xro/2.0/Contacts' );  ## (G)

Other Notes

The access token received will expire after 30 minutes. If you want access for longer you will need the user to re-authorise your application.

Xero API Applications have a limit of 1,000/day and 60/minute request per organisation.

Your application can have access to many organisations at once by going through the authorisation process for each organisation.

Xero URLs used for authorisation and using the API

Get an Unauthorised Request Token: https://api.xero.com/oauth/RequestToken Redirect a user: https://api.xero.com/oauth/Authorize Swap a Request Token for an Access Token: https://api.xero.com/oauth/AccessToken Connect to the Xero API: https://api.xero.com/api.xro/2.0/

AUTHOR

Peter Scott, <peter at computerpros.com.au>

BUGS

Please report any bugs or feature requests to bug-webservice-xero at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=WebService-Xero. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

SUPPORT

You can find documentation for this module with the perldoc command.

perldoc WebService::Xero::Agent::PublicApplication

You can also look for information at:

ACKNOWLEDGEMENTS

LICENSE AND COPYRIGHT

Copyright 2016 Peter Scott.

This program is free software; you can redistribute it and/or modify it under the terms of the the Artistic License (2.0). You may obtain a copy of the full license at:

http://www.perlfoundation.org/artistic_license_2_0

Any use, modification, and distribution of the Standard or Modified Versions is governed by this Artistic License. By using, modifying or distributing the Package, you accept this license. Do not use, modify, or distribute the Package, if you do not accept this license.

If your Modified Version has been derived from a Modified Version made by someone other than you, you are nevertheless required to ensure that your Modified Version complies with the requirements of this license.

This license does not grant you the right to use any trademark, service mark, tradename, or logo of the Copyright Holder.

This license includes the non-exclusive, worldwide, free-of-charge patent license to make, have made, use, offer to sell, sell, import and otherwise transfer the Package with respect to any patent claims licensable by the Copyright Holder that are necessarily infringed by the Package. If you institute patent litigation (including a cross-claim or counterclaim) against any party alleging that the Package constitutes direct or contributory patent infringement, then this Artistic License to you shall terminate on the date that such litigation is filed.

Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY YOUR LOCAL LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR CONTRIBUTOR WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.