NetSuite and Xero connectors: register tokens via API

Stylised view: tokens into encrypted storage, then an event to the processing queue.

These routes store OAuth tokens encrypted server-side and emit a sync signal for the organisation. Automatic GL ingestion for these providers is still an extension point: for operational intercompany scope today, combine this wiring with the CSV import described in the “General ledger: CSV…” guide.

Prerequisites

Admin accounts on Ninon only. Never log refreshToken or accessToken in plain text in shared scripts or application logs.

NetSuite — token registration endpoint

JSON body: refreshToken (string, required, minimum length 8); accessToken (optional); accountId (optional, NetSuite account / tenant id); expiresAt (optional, ISO-8601 expiry for the access token). Typical response: integration object with id, provider netsuite, externalTenantId (often from accountId), expiresAt.

Xero — token registration endpoint

JSON body: refreshToken (required); accessToken (optional); tenantId (optional, instead of accountId); expiresAt (optional, ISO-8601). Typical response: integration object with provider xero and the same surfaced fields.

After the call

A background sync signal is emitted for your organisation. Connectors such as Business Central, Xero and NetSuite can persist GL lines when credentials and entity mappings are configured; for ERPs without a live connector in Ninon, use the documented ledger import.