Power BI and Xero: Automating Your Accounting Data Refresh

Introduction to Power BI and Xero Integration

Power BI’s out-of-the-box “Web” connector accepts Basic credentials. However, it cannot natively refresh OAuth 2.0 tokens in the Power BI Service. This limitation can be a significant hurdle when you want accounting data from Xero to refresh automatically in the cloud. Fortunately, RequestRocket provides a solution. It translates Xero’s OAuth 2.0 flow into a Basic credential that Power BI understands, without ever exposing your access or refresh tokens. Follow the workflow below, and you will have a live Xero dataset refreshing in Power BI in about 10 minutes.

Prerequisites

Before you begin, ensure you have the following:

Step 1: Register a “Web App” in Xero

1. Sign in at developer.xero.com → My Apps → New App.

2. Select Web app and fill out the form:

3. App name: PowerBI (or any descriptive name)

4. Company URL: https://requestrocket.com

5. Redirect URI: https://app.requestrocket.com/webhooks/oauth2

6. Agree to the T&Cs and click Create app.

7. On the next page, copy the Client ID, then click Generate a secret and copy that too.

   
   

Create a Web App

Take note of your ClientID and Secret

Step 2: Create an OAuth 2 Target Credential in RequestRocket

1. Go to Credentials → New → Name: Xero Target Credentials.

2. Set Type: target | Auth type: OAuth2.

3. Populate the Secret section as follows:

4. Grant type: Authorization Code

5. Client ID (from Xero)

6. Client Secret (from Xero)

7. Authorization URL: https://login.xero.com/identity/connect/authorize

8. Access Token URL: https://identity.xero.com/connect/token

9. Redirect URI: https://app.requestrocket.com/webhooks/oauth2

10. Scope: offline_access accounting.reports.read accounting.transactions read accounting.settings openid profile email accounting.contacts

11. Token prefix: Bearer (leave default)

12. Add to Header: ✔️ checked

13. Click Create, then choose Authenticate. Xero will open, ask for consent, and redirect back. You should see Authentication Successful.

    
    

Create an Oauth2 Target Credential

Enter all the OAuth2 authorization code details

Log into Xero and accept the request

Step 3: Create a Target for the Xero Accounting API

• Go to Targets → New → Name: Xero API.

• Set Base URL: https://api.xero.com/.

• Attach the OAuth 2 credential you just created.

  
  

Create a target route

Step 4: Create a Basic Credential for Power BI

• Go to Credentials → New → Name: UserName Password.

• Set Type: proxy | Auth type: Basic.

• Enter any username you like and let RequestRocket generate a secure password.

  
  

Create a username/password Proxy Credential

Make sure to copy these values somewhere safe. Power BI and the on-prem gateway will use them.

Step 5: Build the Proxy that Ties Everything Together

1. Go to Proxies → New → Name: Xero API Proxy | Enable toggle Active.

2. Set Proxy Credential: UserName Password (from step 4).

3. Set Target: Xero API | Target Credential: Xero Target Credentials.

4. Leave Additional Headers blank for now.

5. Click Create. Note the Base URL that appears, for example, https://ap-southeast-2.requestrocket.com/api/e910b056-bb22-4e34-a1fe-c1234567899d.

   
   

Create a Proxy that links your Proxy Credential, Target and Target Credentials

Step 6: List Your Xero Tenants (First Request)

The first call returns the tenantId that Xero expects on every data request.

1. In Power BI (or Postman), set GET to `{proxyBaseUrl}/connections`.

2. Choose Basic Auth and enter the username and password from step 4.

3. Send the call and copy the tenantId from the response.

   
   

Make a Web Request - Enter your Proxy Base URL and append the "Connections" endpoint

Authenticate with your Proxy Credential username and password

Take note of your TenantID

Step 7: Pin the Tenant ID to the Request Header via the Proxy

It's crucial not to skip this step. Power BI only allows headers to be added on web requests made anonymously. This poses a risk as your credentials may be exposed in the code. To ensure security, we need RequestRocket to add those headers instead of Power BI.

In the proxy Edit page, set an additional header:

Now Power BI no longer needs to send that header, which it can't do if you're using a Basic authenticated web request.

Update the Proxy with additional Headers

At this point, we have everything we need to make authenticated calls From Power BI → Via RequestRocket → To Xero.

Step 8: Bring Any Data into Power BI

You can query any endpoint, such as the Accounts list.

1. Go to Get data → Web again, this time using:

   `{proxyBaseUrl}/api.xro/2.0/Accounts`

2. Authenticate with your Basic credentials (i.e., Username and Password).

3. Power Query will display your chart of accounts.

   
   

You can repeat this process with other endpoints (Profit and Loss, Invoices, etc.) by simply changing the path.

Conclusion

RequestRocket allows you to replace the authentication of any target system with the authentication method you prefer. In this tutorial, we've demonstrated how to directly consume the Xero API into Power BI without the need for expensive middleware. This approach is not limited to Xero; it applies to any OAuth 2.0 and 2.1 authenticated system, as well as any other system where you want to secure your credentials instead of exposing them in your code.