Specifies the OAuth scopes that the application requests when authenticating with Xero. Scopes define the specific permissions the application is requesting from the user or organization, and determine what data and actions the application is allowed to access.

Syntax

Connect-Xero -Scope string

Data Type

cstr

Default Value

""

Remarks

By default, the cmdlet requests authorization for the recommended set of scopes for use with Xero:

• accounting.transactions
• accounting.journals.read
• accounting.reports.read
• accounting.settings
• accounting.contacts
• accounting.attachments
• accounting.budgets.read
• payroll.employees
• payroll.payruns
• payroll.payslip
• payroll.timesheets
• payroll.settings
• files
• assets
• projects

You can override the default by setting this property to a space-separated list of OAuth scopes that match your application's needs.

Example:

Scope = "openid email profile accounting.transactions accounting.reports.read"

Only include scopes your application needs to improve user trust and reduce risk. Make sure the scopes are supported by the API endpoints you plan to use. When modifying this property, ensure your OAuth app is registered with those scopes on the provider side as well.

Note: Changes to scopes require re-authentication. Existing tokens are not granted additional permissions automatically.