To have a permanent access to a customer Xero file, a Xero Partner Application is required. More information can be found on the Xero website: https://developer.xero.com/documentation/auth-and-limits/partner-applications
To securely access the Xero Partner API, a certificate must be generated and uploaded against the partner application.
To generate a public/private certificate pair on a Linux OS, run the following command:
openssl req -x509 -newkey rsa:4096 -keyout [my_certificate].pem -out [my_certificate].cer -days 730 -nodes -subj "/C=AU/ST=NSW/L=Sydney/O=[MyOrganisation]/OU=IT/CN=[example.com]/emailAddress=[contact@example.com]" |
Do not forget to specify your own certificates attributes in the subj parameter:
The duration of the certificate is specified in days with the parameter day. it is recommended to use a duration of 2 years.
Then log into the Xero Applications management console and upload the Public Key Certificate xero_maestrano_dev.cer
Update the environment property oauth_xero_private_key with the content of the private certificate
Copy the private key file in your ansible script configuration mno-deploy-myproject/ansible/files/xero_certs/[environment]/privatekey.pem
The Xero Entrust Certificates have been deprecated, more information here: https://developer.xero.com/documentation/auth-and-limits/entrust-certificate-deprecation |