Finally, we have grown enough to the stage of creating a Xero Partner application. Integration can be challenging especially when matters of security are involved. In this case, we had to juggle with lots of different pieces which needed to fall in to the right place and in the right order. Putting all the bits together proved to be more demanding than we initially thought. This story has a happy ending which we are glad to share. We would also like to thank the Xero support guys who were very prompt in answering our questions.
Though the code samples are in Scala http://www.scala-lang.org/, the steps below are applicable to Java and any other JVM language.
This walk-through assumes you have installed the Xero Entrust certificate and have split the p12 file exported from Firefox according to the instructions here: http://blog.xero.com/developer/api-overview/partner-applications/#techni...
- Step 1: test with Firefox
After installing the partner certificate issues by Entrust, access https://api-partner.network.xero.com/api.xro/2.0/Journals with Firefox. If you get a 403, return to the Entrust website and install the CA certificates (option available on the left hand side menu - Install). Hit the service endpoint again and you should see an oauth error.
- Step 2: test with curl http://curl.haxx.se/
On the Entrust web site, select the the Display option on the CA certificates group copy paste the certificate into a pem file (e.g. entrust.pem ). The following should return the same oauth error as in Firefox, but not 403.
- Step 3: setup a Java KeyStore with the CA certificate, the client certificate and the private key
- Step 4: setup the keystore as the default
Use the following Java system options:
- Step 5: authenticate with Xero using https://code.google.com/p/oauth/ .
The library is using Apache Http 4.x DefaultHttpClient, which doesn't make use of the system properties like keyStore and keyStorePassword, hence we need to configure it to use them. We can do that by providing an implementation of HttpClientPool:
- Step 6: making the OAuth call
Though integrating different software solutions can be challenging at times, we hope that the steps above will help to avoid pitfalls and occasional frustration.
Andrei Oprisan, CTO at Smeebi