PHP - Xero API getting the PHP code sample working for Private Applications

Never having used an OAuth API, Xero or OpenSSL before the challenge of getting the Xero API PHP code sample working on my webserver turned out to be difficult with no real step-by-step help for total newbies to be found. So I hope the following helps others:

1) Read through Xero's getting started guide ( but then follow the steps below. 

2) Download the PHP code sample from github ( and put it on your webserver (or localhost)

3) Install openssl (I installed on my windows laptop) and generate a public/private pair of keys (see name them like so:


You do not need the third openssl export command 

4) Go to and login, choose the "My Applications" tab and create a new Private application (do not use IE - its buggy, use chrome). Remember the "Application Name" you choose. Select to "upload a X509 certificate" and upload the publickey.cer file that you created in step 3.

5) Place the privatekey.pem & publickey.cer files onto your webserver/localhost, put it in the "certs" folder that was created in step 2.

6) On your server edit the file private.php, change line 7 ($useragent) to be the name you chose in step 4, enter your key and secret on lines 10 & 12.

7) Open a browser and navigate to the index.php file downloaded in step 2, it should look like this:

8) click on private.php and choose "Contacts GET"  if you get the error:
Error: Curl error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

then you need to follow the extra steps:

a) Go to the following link 
Press the "raw" button, select all, copy and paste the contents into the file certs/ca-bundle.crt on your webserver/localhost you can replace the previous file.
Note, this is because the original ca-bundle.crt downloaded with the PHP example code is too new, you need an older version, see the following site and notice the reference to "an older ca-bundle from github"

it appears in the code at lib/XeroOAuth.php line 78:

b) go back to step 7 and refresh and then continue with the remaining steps, if you are successful you will see contact details coming from Xero.


Make a Comment


Thanks so much! The perfect foothold.


Legend! Thanks so much for this, the final step of replacing the ca-bundle.crt to get around the SSL certificate problem error had me stuck for about 2 days.


Thank you so much for taking the time to post this. It really helped me out. The web is better place with people like you around. Cheers

Website and Software Development Services
Tweed Heads & Southern Gold Coast

Our network of experienced computer programmers can develop custom software solutions in any language on any platform.

Our Talents

Freelance Power

We maintain a network of local freelance computer programmers that we place in teams to match project requirements. This gives us expertise in a broad range of industries, languages & platforms

Fix, Upgrade or New?

We can fix broken legacy systems, plan and oversee a difficult upgrade, add or unlock new features to your existing software. Or install and set-up new systems from scratch, including hardware and software


We can build solutions fast, Software as a Service (Saas), apps, web applications, desktop software, Minimum Viable Product using Agile Development practices


We can build simple to complex websites, we can deliver the whole package including site design, branding, logos, domains and hosting


C/C++, Java, JavaScript,
Python, Swift, Meteor,
Objective C


MongoDB, NoSQL


Linux, Mac, Windows, iPhone, Android, Smart Phones, Tablets


Wordpress, Drupal, Magento, Moodle, Sharepoint Online, Office 365