Changes to Xero Accounting API Scopes

Xero have recently introduced a change to the authentication scopes for new Xero OAuth Apps that were created on or after March 2, 2026. They are replacing the previous broad scopes with more granular scopes to give you more control and security.

If you are trying to authenticate the fmAccounting Link (Xero Edition) solution with an OAuth App created on or after March 2, 2026, you will likely encounter this error:

To resolve this you will need to change the $url variable in the script Xero Authentication - OAuth 2.0 Start to use the following calculation:

fmAccounting Link (Xero Edition) Single Organisation.fmp12 file

"https://login.xero.com/identity/connect/authorize?response_type=code&client_id=" & Interface::ClientID & "&redirect_uri=" & Interface::RedirectURI & "&scope=accounting.invoices accounting.payments accounting.banktransactions accounting.manualjournals accounting.reports.executivesummary.read accounting.reports.trialbalance.read accounting.settings accounting.contacts accounting.attachments payroll.employees payroll.timesheets payroll.settings offline_access&state=" & Get ( PersistentID )

fmAccounting Link (Xero Edition) Multiple Organisations.fmp12 file

"https://login.xero.com/identity/connect/authorize?response_type=code&client_id=" & Organisations::ClientID & "&redirect_uri=" & Organisations::RedirectURI & "&scope=accounting.invoices accounting.payments accounting.banktransactions accounting.manualjournals accounting.reports.executivesummary.read accounting.reports.trialbalance.read accounting.settings accounting.contacts accounting.attachments payroll.employees payroll.timesheets payroll.settings offline_access&state=" & Get ( PersistentID )

This will then allow you to successfully authenticate with your Xero OAuth App. Existing apps created before 2 March 2026 will be assigned the new granular scopes by the end of April 2026 and will have until September 2027 to switch over the scopes they’re using.

N.B. the new scopes no longer include the accounting.journals.read scope by default. Access to the Journals API requires a Xero security assessment (initial and annual) and use case approval, and is only available starting at the more expensive Advanced tier. Most fmAccounting Link customers will be on the Starter tier, which is free but does not include access to the Journals API endpoint.
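A pre-flight check for the scope string, as an added example in Python (not part of fmAccounting Link or Xero's code): it parses an authorize URL like the ones above and reports scopes that are not in this page's list, the restricted accounting.journals.read scope, duplicates, and whether offline_access and state are present. The sample URL, its client ID, redirect URI and the accounting.transactions entry are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Scopes copied from the $url calculation on this page.
PAGE_SCOPES = {
    "accounting.invoices", "accounting.payments", "accounting.banktransactions",
    "accounting.manualjournals", "accounting.reports.executivesummary.read",
    "accounting.reports.trialbalance.read", "accounting.settings",
    "accounting.contacts", "accounting.attachments", "payroll.employees",
    "payroll.timesheets", "payroll.settings", "offline_access",
}
# Per the page: needs a security assessment, use case approval and the Advanced tier.
RESTRICTED = {"accounting.journals.read"}


def audit_authorize_url(url):
    """Return findings about the scope and state parameters of an authorize URL."""
    parts = urlsplit(url)
    # parse_qs decodes %20 and '+' and keeps literal spaces, so all three
    # ways of writing the space-separated scope list are handled.
    query = parse_qs(parts.query, keep_blank_values=True)
    scopes = query.get("scope", [""])[0].split()
    seen = set(scopes)
    return {
        "https": parts.scheme == "https",
        "restricted": sorted(seen & RESTRICTED),
        "not_on_page": sorted(seen - PAGE_SCOPES - RESTRICTED),
        "duplicates": sorted({s for s in scopes if scopes.count(s) > 1}),
        # offline_access is the scope that requests a refresh token.
        "offline_access": "offline_access" in seen,
        "has_state": bool(query.get("state", [""])[0]),
    }


# Constructed sample: a scope list that would need attention before use
# with an OAuth App created on or after March 2, 2026.
SAMPLE_URL = (
    "https://login.xero.com/identity/connect/authorize?response_type=code"
    "&client_id=CONSTRUCTED_CLIENT_ID"
    "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fcallback"
    "&scope=accounting.transactions%20accounting.journals.read"
    "%20accounting.contacts%20offline_access&state=constructed-state"
)

if __name__ == "__main__":
    for key, value in audit_authorize_url(SAMPLE_URL).items():
        print(f"{key}: {value}")
```

Paste the evaluated $url value from the Data Viewer in place of SAMPLE_URL to check your own scope string before starting the authentication script.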

You can get more information about the changes to the Xero Accounting API Scopes here:
