Work is currently underway to get an open API into Xero. For customers this development will mean the introduction of many more ways to make accounting easier. From payroll solutions such as [iPayroll](http://ipayroll.co.nz) to alternative invoicing solutions such as [Freshbooks](http://www.freshbooks.com), we wanted to open up the Xero API to foster as much innovation in this field as possible.
Version 1 of our API was made available only to selected partners of Xero. The next step is to open this up to the public; however, there are a few requirements we have to meet first:
1. **We don’t want to open your books:**
We care a great deal about the security of your data. We don’t have access to it; only you and the people you invite do. We WILL NOT let the API become a workaround for this: any access to your data via the API will be strictly authorised by you.
2. **We don’t want people to have to jump through hoops just to connect to Xero:**
We want to foster innovation, and as such we need to make it as easy as possible to connect to Xero without compromising point 1.
After careful consideration we’ve decided that the best solution is to go with OAuth, an open specification for authorisation specifically designed for needs such as ours.
We’re hard at work making an Open API compatible with OAuth but we want to start communicating what it will mean for our users and API solution providers.
First, let’s go through the experience as a user of Xero.
Presume you want to link up your accounts to a payroll engine such as iPayroll.
First you would log into your account at iPayroll, and under interfaces there would be a link “Set-up Xero with iPayroll”.
![iPayroll Screen MockUp](/wp-content/uploads/2009/02/ipayrolloauthmockup1.png)
Clicking on the link/button you would see Xero’s sign-in screen. It is highly important that you check the URL of the screen, as you should only use your Xero username/password on a Xero.com web page and nowhere else (also see [this](http://blog.xero.com/2009/02/protecting-passwords-your-best-security/) advice on passwords).
![Xero | Login Oauth Mockup](/wp-content/uploads/2009/02/xero-login-oauth-mockup1.jpg)
Once you log in you’ll be asked by Xero to allow iPayroll to access your accounts and you can select which organisations you want iPayroll to have access to:
![Xero | my Xero api Mockup](/wp-content/uploads/2009/02/xero-my-xero-api-mockup1.png)
If you allow access to your account, you’ll only allow access to features that you have access to. If you can’t do something in Xero, the connected application will be unable to do that action.
Once you click on Allow you’ll be redirected back to iPayroll to continue setting up the connection.
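The walkthrough above can be modelled from the provider's side. The sketch below is an added example, not Xero's code or API: it assumes the three-step request-token and access-token exchange of OAuth 1.0, leaves out request signing, and uses hypothetical names (`Provider`, `USER_PERMISSIONS`, the action strings) with constructed sample data.

```python
import secrets

# Constructed sample data: actions each user may perform, per organisation.
USER_PERMISSIONS = {
    "alice": {"Acme Ltd": {"read_invoices", "post_payroll_journal"},
              "Side Project Ltd": {"read_invoices"}},
}

class Provider:
    """Toy model of the provider side (Xero's role in the walkthrough)."""

    def __init__(self):
        self.request_tokens = {}  # token -> {"consumer", "user", "orgs"}
        self.access_tokens = {}   # token -> same grant record, once exchanged

    def issue_request_token(self, consumer):
        # Step 1: the connecting application gets an unauthorised request token.
        token = secrets.token_urlsafe(16)
        self.request_tokens[token] = {"consumer": consumer, "user": None, "orgs": set()}
        return token

    def authorise(self, request_token, user, selected_orgs):
        # Step 2: the signed-in user clicks Allow and selects organisations.
        # Organisations the user does not belong to are silently dropped.
        grant = self.request_tokens[request_token]
        grant["user"] = user
        grant["orgs"] = set(selected_orgs) & set(USER_PERMISSIONS.get(user, {}))

    def exchange(self, request_token, consumer):
        # Step 3: swap the authorised request token for an access token.
        # pop() makes the request token single use, even on failure.
        grant = self.request_tokens.pop(request_token, None)
        if not grant or grant["user"] is None or grant["consumer"] != consumer:
            raise PermissionError("request token not authorised for this consumer")
        token = secrets.token_urlsafe(16)
        self.access_tokens[token] = grant
        return token

    def is_allowed(self, access_token, org, action):
        # The application can act only inside organisations the user selected,
        # and only where the user could perform the action themselves.
        grant = self.access_tokens.get(access_token)
        if grant is None or org not in grant["orgs"]:
            return False
        return action in USER_PERMISSIONS[grant["user"]].get(org, set())
```

The connecting application never sees the user's password; it only ever holds tokens, and every API call is checked against both the user's selection and the user's own permissions.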
There are still a few things to work out from our end (one being the pages you’ll see when going through the process; the above samples are just mock-ups that I hastily created).
For developers there are going to be some major changes to the way connections to Xero are handled, and right now I suggest going over to oauth.net and reading the spec or getting started guide so you can get an idea of what will be required in future.
We’ll also try to ensure that we get a guide up here as we develop the API. For now, treat this as a heads-up and a demonstration of what the future will be for the Xero API.