AuthScheme
Specifies the authentication scheme used to establish a connection to Xero. It determines the authentication mechanism required for validating the user's identity and allows integration with various OAuth providers. Accepted entries are OAuth, PKCE, or OAuthClient.
Possible Values
OAuth, PKCE, OAuthClient
Data Type
string
Default Value
"PKCE"
Remarks
Supported authentication methods for new applications include:
- OAuth: Uses OAuth 2.0 with a client ID and client secret. Recommended for server-side applications where credentials can be securely stored. OAuth supports token-based authentication and refresh.
- PKCE (Proof Key for Code Exchange): Uses OAuth 2.0 with only a client ID. Ideal for client-side or public applications (such as desktop or mobile apps) where a secret cannot be securely stored.
- OAuthClient: Uses the OAuth client credentials flow with a client ID and secret. This mode allows programmatic access without user interaction. Only available with a Custom Connection license from Xero.