ml-connector
XeroBasware

Xero and Basware integration

Xero runs your accounting ledger. Basware automates accounts payable, from invoice receipt through coding, matching, and approval. Connecting the two means a supplier invoice that Basware has finished processing posts straight into Xero as a bill, with no manual re-keying. ml-connector also keeps Basware's coding panel stocked with your live Xero suppliers and account codes, and tells Basware when each bill has been paid. The two APIs are quite different on each side, and ml-connector moves the data on the cadence you set.

How Xero works

Xero exposes contacts (one object for both customers and suppliers), invoices and bills under a single Invoice object split by Type ACCREC or ACCPAY, purchase orders, payments, the chart of accounts, and tracking categories through the REST Xero Accounting API. Authentication is OAuth 2.0 authorization code: the access token lasts 30 minutes and the refresh token lasts 60 days, and every call carries a Bearer token plus a Xero-tenant-id header to target one organization. Lists are page-based at 100 records per page, and an If-Modified-Since header fetches only records changed since a timestamp. Xero pushes metadata-only webhooks signed with HMAC-SHA256, so a follow-up GET is needed to read the full record.

How Basware works

Basware is an AP automation platform, not a general ledger, so its strength is the invoice lifecycle rather than financial reporting. Its REST P2P API exposes accounting documents (coded and approved supplier invoices), vendors, purchase orders, and write-only master data imports for GL accounts and cost dimensions. Authentication is OAuth2 client credentials: the client id and secret are sent as Basic auth to mint a bearer token that lasts about an hour with no refresh token, and the base URL is region-specific (EU, US, AU, or CA). Basware pushes P2P webhooks signed with HMAC-SHA256 in an X-BWAPI-Signature-256 header when a document is ready for transfer, and pagination uses a continuation token returned in a response header.

What moves between them

The main flow runs from Basware into Xero. When Basware finishes coding and approving a supplier invoice it marks the accounting document ready for transfer, and ml-connector reads it and creates an ACCPAY bill in Xero with the supplier contact, line amounts, account codes, and tracking. ml-connector then posts a transfer response back to Basware to confirm the document landed in the ledger. In the other direction, Xero supplier contacts and the chart of accounts are pushed into Basware as vendor and account master data so the coding panel only offers valid values. Once Xero records a payment against a bill, ml-connector sends a payment response back to Basware so its records show the invoice as paid.

How ml-connector handles it

ml-connector stores both credential sets encrypted and runs two different token cycles: it mints a fresh Basware bearer token roughly every hour from the client id and secret, and it refreshes the Xero access token before its 30-minute expiry using the stored refresh token. It records the Basware region per customer so it calls the correct base URL. Basware webhooks signed with X-BWAPI-Signature-256 trigger a transfer as soon as a document is approved, and a scheduled poll using the continuation-token header backfills anything a webhook missed. A Basware accounting document becomes a Xero Invoice with Type ACCPAY, supplier coding lines map to Xero account codes and tracking categories, and the supplier maps to a Xero Contact with IsSupplier set. Because Xero has no native idempotency key, ml-connector supplies the Xero InvoiceID as the dedup anchor so a retried transfer updates the same bill rather than creating a duplicate. Master data pushed into Basware overwrites manual edits on the next import, so ml-connector treats Xero as the system of record for suppliers and accounts. Vendors and accounts are aligned first, so every imported invoice line references an account code that already exists. Failed calls are retried with backoff, and every record carries a full audit trail and can be replayed.

A real-world example

A mid-sized professional services firm of around 250 staff keeps its books in Xero and routes every supplier bill through Basware for coding and approval. Before the integration, an AP clerk re-keyed each approved invoice from Basware into Xero by hand, picking the supplier and account code again and occasionally fat-fingering a cost center, and the team had no clean signal back in Basware showing which bills were actually paid. With Xero and Basware connected, approved invoices post into Xero as bills automatically with their coding intact, the Basware coding panel always reflects the live Xero chart of accounts, and payment status flows back so the AP team can see in Basware which invoices have cleared. The double entry and the reconciliation guesswork are gone.

What you can do

  • Post coded and approved Basware supplier invoices into Xero as ACCPAY bills with their account codes and tracking intact.
  • Push Xero supplier contacts and the chart of accounts into Basware so its coding panel only offers valid values.
  • Confirm transfer and payment status back to Basware so its records show each invoice as posted and paid.
  • Bridge the Basware client-credentials token cycle and the Xero OAuth refresh, and respect the Basware region per customer.
  • Trigger on Basware webhooks with a scheduled poll backfill, deduplicate on the Xero InvoiceID, and keep a full audit trail.

Questions

Which direction do invoices move between Xero and Basware?
Invoices move from Basware into Xero. Once Basware has coded and approved a supplier invoice and marked it ready for transfer, ml-connector creates it in Xero as an ACCPAY bill. It then sends a transfer response back to Basware so both systems agree the document was posted to the ledger.
How does the integration handle the two different authentication methods?
Basware uses OAuth2 client credentials, where the client id and secret are sent as Basic auth to mint a bearer token that lasts about an hour with no refresh token. Xero uses the OAuth 2.0 authorization code flow with a 30-minute access token and a 60-day refresh token plus a Xero-tenant-id header. ml-connector stores both sets encrypted, mints a new Basware token each hour, and refreshes the Xero token before it expires.
Does Basware overwrite supplier and account changes made by hand?
Yes. Basware overwrites manual edits to any record managed through the API on the next import, with no merge step. Because of this, ml-connector treats Xero as the system of record for suppliers and the chart of accounts and pushes them into Basware so the coding panel stays aligned with the ledger.

Related integrations

More Xero integrations

Xero and Adobe CommerceXero and ADPXero and AdyenXero and AirbaseXero and Amazon Seller CentralXero and AnaplanXero and SAP AribaXero and AsanaXero and AvalaraXero and AvidXchangeXero and BambooHRXero and BigCommerce

Other systems that connect to Basware

Acumatica and BaswareDATEV and BaswareDeltek and BaswareMicrosoft Dynamics 365 Business Central and BaswareMicrosoft Dynamics 365 F&O and BaswareMicrosoft Dynamics GP and BaswareMicrosoft Dynamics NAV and BaswareEpicor Kinetic and BaswareExact Online and BaswareFreshBooks and BaswareIFS Cloud and BaswareInfor CloudSuite and Basware

Connect Xero and Basware

Free to use. Add your credentials, ping your real systems, and see if we fit.

Get started