We're building a couple of apps (one internal-facing, one client-facing) using Retool. A core part of the app is getting clients to connect their Xero accounting software to our app. The community has been extremely helpful (thank you) and we have a working MVP on this front.
The issue is Xero has a limit of 25 clients connected to our app until we become an "app partner", which has some specific requirements in terms of look & feel and security (details below).
My question is simple: has anyone done this before using Retool? If so, are there pointers/thoughts/comments/advice? Ideally, if there's a consultant we could hire to help us through this, we'd gladly do this.
Following this conversation. @drReech, well done. Definitely enabling Xero pulling and posting data is a big need I've seen.
I haven't got to the point of becoming an App Partner, but following this conversation as I would love to hear more. If and when you move ahead, do share your experiences as I'm sure they will be super helpful!
I have done this with Retool on an internal level with Xero when I operated a firm before selling. It is definitely doable and the Xero team was very helpful when I reached out. I met with one of the team members on the API team and essentially they want to ensure that if your application is on a client-facing level, like that of a SaaS, that you have all the basic capabilities expected.
The user should have the ability to connect their Xero account, and disconnect as well should they wish to. So having the proper ability to do so in your app is needed.
They will do a visual walkthrough with you in an app interview and ask questions to ensure proper security measures are taken for holding client tokens, but it won’t be a thorough audit of sorts. They do a more thorough review when you pass certain thresholds; for example, on initial approval they’ll up the cap to 100 users, then above 100 is more thorough in their questioning and review, and beyond 1000 is a much more thorough process.
When I requested a bump in internal client connections they allowed an increase to 100 and essentially reviewed my API call history. They will point out and ask about any error calls; if there were multiple, then you’ll want an explanation. In my call I explained that we handled internal books for clients and in some cases we have to do test runs with our app since using real data and books vs their dummy client. They don’t have a sandbox environment really for their API, so talking to the API team member as a developer I was able to explain our use case and showed that eventually once we fixed certain issues it was smooth sailing from there.
You can always shoot them a message in advance for a meeting before applying to see if they can give you some guidance before doing the initial application. Hope this was mildly helpful and best of luck!
Edit: should note our use case was developing a backend automation of client accounting and reconciliation. Xero doesn’t allow users to reconcile transactions pending, so I would pull in bank transactions to reconcile on the backend, then push to users' books as reconciled. Sometimes we would have scenarios where contact IDs or account IDs changed after the fact before pushing to client accounts. So we simply worked out workflows around this to mitigate errors. This helped explain to the developer team that even if an error occurred we’d have a process to fix it routinely. They don’t want an application simply slamming API calls to it with multiple errors and no one is aware basically; it happens more often than you can imagine, as they told me.
First an apology for not coming back earlier - I've been away.
Second a huge thank you, that's an incredibly helpful and encouraging post. I suspect we'll never have more than 1,000 clients (it's a b2b app) so hopefully no-one will look at my code too closely!
You mention you've received a lot of help from Xero - tbh, I think their help pages are very well designed, but whenever I've tried to get hold of someone for guidance on this, I've not had a reply. How did you get them to respond?
Best recommendation I can make is to contact them through the Xero Developer page. I reached out because I initially needed guidance on getting an increase in client limits, without the normal app approval process, since our use case was entirely for internal use and not to be listed on the app store.
There's no guarantee they'll provide in-depth support while you're still in pre-beta stage in terms of the application. Doesn't hurt to reach out though still.
That said, I would likely get your app up to par as best as possible, then reach out to them. Ensure the client/user OAuth flow works, where they can connect their account, and be able to also disconnect as well. This way you can do a test walkthrough with them to show it's working properly.