Which direction does data flow between Xero and PayPal?

Invoices and manual journals flow from Xero to PayPal for matching and reconciliation. Payment and transaction records flow from PayPal back to Xero to update invoice status and reconcile bank accounts. Both systems remain the source of truth for their respective domains: Xero for invoicing and accounts, PayPal for payments and transactions.

How does ml-connector handle Xero webhooks and PayPal transaction notifications?

ml-connector subscribes to Xero webhooks for invoice and payment events, verifies the Xero webhook signing key on each notification, and follows up with a GET request to fetch the full record since Xero webhooks contain only metadata. PayPal webhooks are verified with RSA-SHA256 signature validation, and ml-connector maps PayPal transactions back to Xero invoices using account codes and invoice references.

What happens if Xero or PayPal rate limits are hit?

ml-connector respects Xero's 5 concurrent call and 60-per-minute limits with queuing and backoff. PayPal transaction search is windowed to 31 days per API constraints to stay within result limits. Failed requests are retried with exponential backoff, and every retry is logged for auditing.

XeroPayPal

Xero and PayPal integration

Xero runs your accounting ledger. PayPal processes payments and holds transaction records. Connecting the two keeps your invoices and payments synchronized without manual entry. Invoices created in Xero automatically sync to PayPal for matching against incoming payments, and PayPal payment records flow back into Xero to update payment status and reconcile accounts. ml-connector bridges the OAuth 2.0 authentication on both sides and manages the webhook signatures and polling cadence.

How Xero works

Xero Accounting API exposes invoices, purchase orders, payments, accounts, contacts, bank transactions, and manual journals through REST endpoints at https://api.xero.com/api.xro/2.0/. All requests require the Xero-tenant-id header to target a specific organization, and authentication uses OAuth 2.0 Authorization Code flow with 30-minute access tokens and 60-day refresh tokens. Xero publishes webhook events for invoices, payments, contacts, and other entities, sending only metadata with each event so a follow-up GET request fetches the full record. The API enforces a rate limit of 5 concurrent calls and 60 per minute per tenant. Deleted records are not returned by default, and invoices and bills use the same endpoint, differentiated by a Type field.

How PayPal works

PayPal REST APIs cover orders, invoices, captures, refunds, transactions, and subscriptions at https://api-m.paypal.com (production) and https://api-m.sandbox.paypal.com (sandbox), with both v1 and v2 path prefixes depending on the endpoint. Authentication uses OAuth 2.0 Client Credentials grant with CLIENT_ID and CLIENT_SECRET sent via HTTP Basic Auth, returning a bearer token with a default eight-hour lifetime. PayPal publishes webhooks for payment events, orders, invoicing, and subscriptions, with RSA-SHA256 signature verification required on each webhook. The platform retries webhooks up to 25 times over 3 days if a non-2xx response is received, and transaction search is limited to a 31-day window with a maximum of 500 results per page.

What moves between them

Invoices and manual journals flow from Xero into PayPal for matching and reconciliation. Payment and transaction records flow from PayPal back to Xero to update invoice payment status and reconcile bank accounts. The sync runs on a schedule aligned with your payment and reconciliation cycles, polling Xero for invoice changes and receiving PayPal webhook notifications for payment events. Account balances are read-only in both systems to avoid write conflicts.

How ml-connector handles it

ml-connector stores Xero organization tenant ID and PayPal Client Credentials encrypted and refreshes OAuth 2.0 tokens before expiry to avoid authentication failures mid-flow. It subscribes to Xero webhooks for Invoice, Payment, and ManualJournal CREATE and UPDATE events, and verifies the Xero webhook signing key on each incoming notification. Because Xero webhooks contain only metadata, ml-connector follows up with a GET request to fetch the full invoice or journal record. PayPal webhook events are verified with RSA-SHA256 signature validation against the paypal-transmission-sig header, and ml-connector maps Xero account codes to PayPal transaction metadata for matching. Xero rate limits are respected with queuing and backoff, and PayPal transaction search is windowed to 31 days to stay within API limits while maintaining real-time reconciliation. Every record carries a full audit trail, and failed webhook deliveries are retried with exponential backoff.

A real-world example

A small business uses Xero for accounting and PayPal for online payments and customer invoicing. The business owner previously exported invoice lists from Xero, manually entered them into a spreadsheet, and matched them against PayPal's transaction report at week-end, often finding discrepancies and missing records. With Xero and PayPal connected, each Xero invoice automatically syncs to PayPal, payment confirmations flow back to mark invoices as paid, and the reconciliation runs in the background. The business owner now reconciles accounts in minutes instead of hours, and invoice payment status is always current.

What you can do

Sync Xero invoices, purchase orders, and manual journals to PayPal as records for matching and reconciliation.
Update Xero invoice payment status when PayPal payments arrive, and record PayPal transactions in Xero's bank account.
Verify Xero webhook signatures and PayPal RSA-SHA256 signatures to ensure data integrity on both sides.
Respect Xero rate limits and PayPal's 31-day transaction search window with intelligent queuing and windowed polling.
Maintain a full audit trail of every invoice, payment, and reconciliation record with timestamps and status changes.

Questions

Which direction does data flow between Xero and PayPal?: Invoices and manual journals flow from Xero to PayPal for matching and reconciliation. Payment and transaction records flow from PayPal back to Xero to update invoice status and reconcile bank accounts. Both systems remain the source of truth for their respective domains: Xero for invoicing and accounts, PayPal for payments and transactions.
How does ml-connector handle Xero webhooks and PayPal transaction notifications?: ml-connector subscribes to Xero webhooks for invoice and payment events, verifies the Xero webhook signing key on each notification, and follows up with a GET request to fetch the full record since Xero webhooks contain only metadata. PayPal webhooks are verified with RSA-SHA256 signature validation, and ml-connector maps PayPal transactions back to Xero invoices using account codes and invoice references.
What happens if Xero or PayPal rate limits are hit?: ml-connector respects Xero's 5 concurrent call and 60-per-minute limits with queuing and backoff. PayPal transaction search is windowed to 31 days per API constraints to stay within result limits. Failed requests are retried with exponential backoff, and every retry is logged for auditing.

Connect Xero and PayPal

Free to use. Add your credentials, ping your real systems, and see if we fit.

Get started