DZone Snippets is a public source code repository. Easily build up your personal collection of code snippets, categorize them with tags / keywords, and share them with the world

Snippets has posted 5883 posts at DZone. View Full User Profile

PHP Xero Oauth Code

12.30.2009
| 3498 views |
  • submit to reddit
        // This code is code to authenticate to Xero using PHP. It will execute a 'GET Accounts' command and return the request url it has executed and the XML returned by the GET request. TODO = Update it to deal with expired tokens, tidy up into functions, etc. 

<?php

/*
 * Sample Oauth Xero integration code provided by fuzion.co.nz / Eileen McNaughton
 */


/*
 * Define variables
 */
	   $key = 'NGM2NTLLZWU0MWVKNDE3YMFJYJY5OW';
	   $secret = '834N0Q56XZWWIJ1XTSMICHO8HPUTRX';
	   // required for windows implementations or if cert problems are occurring
	   $certPath = 'C:/xampp/php/cacert.pem';
	   //not used in Xero at this stage but retained in code for documentation purposes
	   $callback_url = "http://localhost/oauth/example/xeroSync.php";
	   $pathToOAuthCode = "..";


session_start() ;

	
require_once($pathToOAuthCode ."/OAuth.php");       
if (!$_SESSION[ACCESS_TOKEN]){
 		define("URI", "https://api.xero.com/oauth");
       $request_token_url  = URI.'/RequestToken';
       $parsed = parse_url($request_token_url );
       $params = array();

       $oauth_consumer = new OAuthConsumer($key, $secret,  NULL);
	  if (!$_REQUEST['oauth_verifier']){ 
	   		$req_req = OAuthRequest::from_consumer_and_token($oauth_consumer, NULL, "GET", $request_token_url, $params);
       		$sig_method = new OAuthSignatureMethod_HMAC_SHA1();
       		$req_req->sign_request($sig_method, $oauth_consumer, NULL);
       		$request  = $req_req->to_url();

	       	$ch = curl_init();
		   	// set URL and other appropriate options
			curl_setopt($ch, CURLOPT_URL, $request);
			if ($certPath){
				//required for Windows implementations as Windows version of apache tends not to load certificates
 				curl_setopt($ch, CURLOPT_CAINFO, $certPath);
			}
        	curl_setopt($ch,CURLOPT_RETURNTRANSFER, true); 
 		 	// Make the request
       		$response = curl_exec($ch);

       		//Error Handling:
       		// there is an error while executing the request, 
       		if (!$response) {  
            	$response = curl_error($ch);  
        	}  
       		curl_close($ch);

       		parse_str($response, $params);
       		$oauth_token = $params['oauth_token'];
       		$oauth_token_secret = $params['oauth_token_secret'];
       
       		$_SESSION[REQUEST_TOKEN] = $oauth_token;
       		$_SESSION[REQUEST_TOKEN_SECRET] = $oauth_token_secret;
			// callback_url currently ignored by Xero
       		$auth_url = URI.'/Authorize?oauth_token='.$oauth_token.'&oauth_callback='.urlencode($callback_url);
       		Header("Location: $auth_url");
       
	  }else{
       		$request_token = $_SESSION[REQUEST_TOKEN];
       		$request_token_secret = $_SESSION[REQUEST_TOKEN_SECRET];
     		$access_url = URI.'/AccessToken';
			// Sign access token
	       	$sig_method = new OAuthSignatureMethod_HMAC_SHA1();
	       	$access_consumer = new OAuthConsumer($key, $secret, NULL);
    	   	$access_token = new OAuthConsumer($request_token, $request_token_secret);
       		$parsed = parse_url($access_url);
       		$params = array();
	   		$params['oauth_verifier'] =$_REQUEST['oauth_verifier'];       
		      
       		$acc_req = OAuthRequest::from_consumer_and_token($access_consumer, $access_token, "GET", $access_url, $params);
       		$acc_req->sign_request($sig_method, $access_consumer, $access_token);

			//Step Execute request

	    	$request  = $acc_req->to_url();
    	    $ch = curl_init();
			// set URL and other appropriate options
			curl_setopt($ch, CURLOPT_URL, $request);
	  		if ($certPath){
				//required for Windows implementations as Windows version of apache tends not to load certificates
 				curl_setopt($ch, CURLOPT_CAINFO, $certPath);
			}
        	curl_setopt($ch,CURLOPT_RETURNTRANSFER, true); 
 		 	// Make the request
       		$response = curl_exec($ch);
            if (!$response) {  
            	$response = curl_error($ch);  
        	}  
	       curl_close($ch);

			// Store access token and access token secret
	       	parse_str($response, $params);
	       	$access_token = $params['oauth_token'];
    	   	$access_token_secret = $params['oauth_token_secret'];
       		$_SESSION[ACCESS_TOKEN] = $access_token;
       		$_SESSION[ACCESS_TOKEN_SECRET] = $access_token_secret;
 		}
	}
       


	   $sig_method = new OAuthSignatureMethod_HMAC_SHA1();
       $xml_consumer = new OAuthConsumer($key, $secret, NULL);
       $xml_token = new OAuthConsumer($_SESSION[ACCESS_TOKEN], $_SESSION[ACCESS_TOKEN_SECRET]);
       $parsed = parse_url($access_url);
       $params = array();

	  $xml_url = "https://api.xero.com/api.xro/2.0/Accounts";
       $acc_req = OAuthRequest::from_consumer_and_token($xml_consumer, $xml_token, "GET", $xml_url, $params);
       $acc_req->sign_request($sig_method, $xml_consumer, $xml_token);
	    $request  = $acc_req->to_url();
	    echo "<hr>$request<hr>";  http://snippets.dzone.com/

        $ch = curl_init();
		// set URL and other appropriate options
		curl_setopt($ch, CURLOPT_URL, $request);
		//required for Windows implementations as Windows version of apache tends not to load certificates
 		curl_setopt($ch, CURLOPT_CAINFO, 'C:/xampp/php/cacert.pem');

 		 // Make the request
       $response = curl_exec($ch);


 curl_close($ch);  
?>