Xero Connection Broken – “Type”:null,”Title”:”Unauthorized”,”Status”: Forbidden401,”Detail”:”AuthenticationUnsuccessful”

Modified on Sun, 18 Feb 2024 at 08:02 AM


What does this error mean? – This error message indicates that the secure connection to Xero is broken due to the Xero security token failing or expiring.  It can happen in a number of circumstances such as during an upgrade sometimes depending on the code that gets changed or if the user who created the Xero app has had his account closed. The normal connection status should be like below ie Active in green.



How do I fix it? – You can fix it by clicking on the Authorise button and reconnecting. If you are not logged into Xero it will prompt you to login.  If it is showing as already connected then select continue with existing organisation and it will reconnect.  The status button should then go to Active, ie green, and orders should then send again. Try sending or resending an order to check it is working.  If this fails to re-establish the connection then go to connection settings in Xero and disconnect the Xeroom app and then go back and try again to reconnect in Xeroom.

What is the cause? – Apart from occasionally when the Xero platform drops all its connections to external sites such as yours for some technical or security reason, this error most commonly happens when you – or someone in your organisation – tries to connect another app above the 2 app limit to Xero (ie 2 “unauthorised apps” which means that they are not separate SAAS platforms but accessing via the Xero API) , as it kicks out an existing app.  Alternatively a person may have removed the app or the person who created the app is no longer a Xero user in your organisation.

Will it happen again? – To avoid this happening we have improved the connection stability with an automatic Xero token refresh every 15 mins which prevents other apps from taking the connection limit.  If it is still happening frequently eg every few days, then please check the cause above and ensure that you are using the latest version of Xeroom.  If you are then submit a ticket to our support desk.  

Forbidden Status 403 in error message cf Status 401

The 403 status code has a slightly different implication. It tells the client, "I know who you are, but you're not allowed here." Even if the client provides valid authentication credentials, the server can still return a 403 if the client doesn't have permission to access the requested resource.  This points to not just an invalid token but  invalid connection credentials so please check and recreate your secret in the Xero application.

Error 500 cannot connect – If you get this error then it indicates that the app is not configured correctly any more eg due to a change in url or permalinks.  The correct url to use is shown in Xeroom in bold blue and this will need updating in your Xero app if there has been a change.  Detailed troubleshooting for this is given here https://www.xeroom.com/installation-instructions/.

If this doesn’t fix it then try:

1. Recreate the API keys from your Xero app – In Xero go to Settings/connected apps select your app and first try creating a new secret and if that doesn’t fix it a new Client ID too – these must be copied into the Xeroom settings boxes as shown below. This will create a new security token for your connection.

2. Staff changes - A common cause is that the person who created the app in Xero has been deleted from Xero by the administrator which removes their apps. If this is the case then you will need to recreate the app as per the step-by-step instructions on our website https://www.xeroom.com/installation-instructions/.


3. Permalinks – If someone has changed your permalinks structure this will break the connection due to the Xero URI in the Xero app changing.  In version 2.2.3 we added the display of the URI link for your site in the Xero settings section of Xeroom.  This is what must be used in the Xero app for it to find the end-point.  If it is wrong you will also get an Error 500.


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article