OAuth
OAuth is an open authorisation standard that lets you grant a third-party application access to your accounts — such as Xero — without sharing your password, by issuing a scoped, revocable token instead.
OAuth (Open Authorisation) is the industry-standard protocol for delegating access to an application without handing over your login credentials. When you connect Xero to an AI bookkeeping tool, a payroll provider, or an Open Banking feed, you are almost certainly going through an OAuth flow: you see the Xero login screen, confirm the permissions requested, and Xero issues an access token to the connecting application. Your password never leaves Xero.
Why it matters in a bookkeeping context
The token Xero issues is scoped — it can only do what you agreed to during the authorisation step. A read-only integration receives a token that cannot create or alter records. You can revoke a token at any time from Xero’s Connected Apps settings (under the organisation), which immediately cuts off the third party without requiring a password change.
OAuth is also the foundation for how AI assistants connect to Xero via the Accounting API or the official MCP server. When an assistant queries your invoices or pulls account balances, it presents a valid OAuth token on each request. If the token expires or is revoked, the connection fails cleanly rather than silently accessing stale data.
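The behaviour described above, as an added example that is not Xero's code or part of the original article: a small Python model of an authorisation server that issues scoped, revocable tokens and an API that checks the token on every request. The scope names, the authorisation URL and the invoice data are constructed for the illustration.

```python
"""Toy model of scoped, revocable OAuth bearer tokens (constructed example)."""
import secrets
import time
from urllib.parse import urlencode

# Constructed scope names: a read-only scope and a write scope.
READ_SCOPE = "accounting.read"
WRITE_SCOPE = "accounting.write"


class AuthServer:
    """Issues scoped tokens and honours revocation (the 'disconnect' in Connected Apps)."""

    def __init__(self):
        self._tokens = {}  # token -> (frozenset of scopes, expiry timestamp)

    def authorize_url(self, client_id, redirect_uri, scopes, state):
        # The consent screen the user sees lists exactly these scopes; the
        # password is typed into the auth server, never into the third-party app.
        params = {"response_type": "code", "client_id": client_id,
                  "redirect_uri": redirect_uri, "scope": " ".join(scopes), "state": state}
        return "https://auth.example/authorize?" + urlencode(params)  # constructed URL

    def issue(self, scopes, ttl=1800, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (frozenset(scopes), now + ttl)
        return token

    def revoke(self, token):
        self._tokens.pop(token, None)  # immediate: no password change needed

    def introspect(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._tokens.get(token)
        if entry is None or now >= entry[1]:
            return None  # revoked or expired
        return entry[0]


class LedgerApi:
    """Resource server: every request must carry a live token with the right scope."""

    def __init__(self, auth):
        self._auth = auth
        self._invoices = ["INV-001"]  # constructed sample data

    def handle(self, token, method, now=None):
        scopes = self._auth.introspect(token, now)
        if scopes is None:
            return 401, "invalid_token"  # fail cleanly; never serve stale data
        needed = WRITE_SCOPE if method == "POST" else READ_SCOPE
        if needed not in scopes:
            return 403, "insufficient_scope"  # read-only token cannot create records
        if method == "POST":
            self._invoices.append(f"INV-{len(self._invoices) + 1:03d}")
            return 201, self._invoices[-1]
        return 200, list(self._invoices)
```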
For a small UK business, the practical implication is straightforward: check your Xero connected apps periodically. Revoke anything you no longer recognise or no longer use.