
Xero Tokens – What are they and why has my org been disconnected?


For Control-C to connect to your Xero organisations and maintain security, Xero uses OAuth 2.0 for authentication in its connected apps. This involves two types of tokens:

  • Access Token: This token grants access to the Xero API and is valid for 30 minutes.
  • Refresh Token: This token is used to obtain a new access token when the current one expires and is valid for 60 days.

Renewal Process:

  1. Automatic Refresh: When an access token is about to expire, the connected app should automatically use the refresh token to request a new access token from Xero. This process happens behind the scenes and does not require user intervention.
  2. Manual Refresh (if needed): If a refresh token is unused for 60 days, it will expire. In this case, the user will need to reauthorise the connected app to obtain new tokens.
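
The renewal process above, replayed as a small decision routine. This is an added illustration, not Control-C's or Xero's code; the 30-minute and 60-day lifetimes come from this article, while the two-minute early-refresh margin, the function names and the sample timeline are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

ACCESS_TTL = timedelta(minutes=30)     # access token lifetime stated above
REFRESH_IDLE_TTL = timedelta(days=60)  # refresh token expires if unused this long
EARLY_REFRESH = timedelta(minutes=2)   # assumption: refresh slightly before expiry


@dataclass
class TokenState:
    access_issued_at: datetime      # when the current access token was issued
    refresh_last_used_at: datetime  # last authorisation or successful refresh


def next_action(state: TokenState, now: datetime) -> str:
    """Return 'use', 'refresh' or 'reauthorise' for an API call made at `now`."""
    if now - state.access_issued_at < ACCESS_TTL - EARLY_REFRESH:
        return "use"
    if now - state.refresh_last_used_at < REFRESH_IDLE_TTL:
        return "refresh"
    return "reauthorise"  # the 'disconnected' case: a user must reconnect


def run_schedule(authorised_at: datetime, runs: list[datetime]) -> list[str]:
    """Replay backup runs against the token lifetimes and record each decision."""
    state = TokenState(authorised_at, authorised_at)
    log = []
    for now in runs:
        action = next_action(state, now)
        log.append(action)
        if action == "refresh":
            # A refresh yields a new access token and counts as use of the
            # refresh token, so the 60-day inactivity window starts again.
            state = TokenState(now, now)
        elif action == "reauthorise":
            break  # no further API calls until the user reconnects the org
    return log


# Constructed timeline: authorise, run 10 minutes later, two daily runs,
# then a 61-day pause before the next run.
T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
SAMPLE_RUNS = [T0 + timedelta(minutes=10), T0 + timedelta(days=1),
               T0 + timedelta(days=2), T0 + timedelta(days=63),
               T0 + timedelta(days=64)]

if __name__ == "__main__":
    for when, action in zip(SAMPLE_RUNS, run_schedule(T0, SAMPLE_RUNS)):
        print(when.isoformat(), action)
```

The replay stops at the first run after the 61-day pause: the refresh token has been idle for more than 60 days, so the only remaining path is user reauthorisation.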

Reasons for a Token Renewal (Xero org becomes disconnected from Control-C):

  • Security: It’s good practice to periodically review the permissions granted to connected apps and revoke access for any apps that are no longer needed.
  • Functionality Changes: If the connected app’s functionality changes or if Xero updates its API, the app may need to be reauthorised to ensure it continues working correctly.

Key Points:

  • Access tokens expire after 30 minutes.
  • Refresh tokens expire after 60 days of inactivity.
  • Control-C handles the token renewals automatically.
  • Control-C reviews the Refresh Tokens periodically for security and functionality reasons.

Disconnects

If we detect any reason why the token may have expired, we will send a ‘Your Xero org has become disconnected’ email to your business asking you to reconnect so that our backups can continue. As mentioned above, this is generally triggered by changes made by Xero, but on rare occasions Control-C may request you to refresh your token.

Action Required if your organisation has become disconnected: 
Please follow these simple steps… 

  1. Identify any disconnected org(s)
  2. Reconnect your org(s) through the standard process “How to reconnect a disconnected Xero org”

Troubleshooting: 

  1. If Xero returns that it is already connected, you will need to follow the steps in “My org does not appear in Control-C or is greyed out” – see attached pdf help article or click on the secure links provided below, then try reconnecting.
  2. If Xero returns “Xero Organisation Changed”, you will need to follow the steps in “Xero Organisation Changed – reconnecting an org comes up with error org mismatch” – see attached pdf help article or click on the secure links provided below, then try reconnecting.

Please Note: 

  1. Do not use “Add New Organisation” to reconnect a disconnected org. This will duplicate your current org.
  2. Do not use the ‘connect all orgs’ option if you have multiple orgs. You must reconnect them one at a time.

I’ve included three helpful links to our Help Article resources to guide you through the process: 

If you need assistance, please let us know. 

Some Background on Disconnections 
We apologise for the inconvenience caused by any disconnections between Control-C and your Xero organisation. This disconnection is a result of a built-in security measure we have in place to protect your data. It’s designed to ensure that only authorised access is granted to your Xero information. 

Here’s what triggers a disconnection:

  • Token Expiry: Xero uses tokens to manage access for connected apps like Control-C. These tokens expire regularly to maintain security.
  • Security Review: Control-C periodically reviews these tokens to ensure they’re up-to-date and functioning correctly.
  • Xero Updates: Changes made by Xero, such as updates to their API (Application Programming Interface), can also trigger a disconnection.

What happens next:
When a disconnect occurs, you’ll receive an email from us, similar to this one. The email will first clearly inform you that a disconnection has been triggered due to security reasons or expired tokens. It will then provide clear and easy-to-follow instructions to guide you through the process of reconnecting your Xero organisation to Control-C. This ensures you understand the reason for the disconnection and can take the necessary steps to reconnect your orgs for the backups to resume. 

We understand that this might be a slight inconvenience, but rest assured that it’s a crucial step in making sure we can access your data to continue your backups, safeguarding your data. 

As mentioned above, disconnections are usually triggered by changes made by Xero, but on rare occasions Control-C may request you to refresh your token.

It should be noted that reconnecting does NOT delete any of your historical backups.

Please let us know if you have any other questions about this process.
