Home › Blog › Xero OAuth Redirect URI Error Fix for Native iOS Apps Using PKCEXero OAuth Redirect URI Error Fix for Native iOS Apps Using PKCE Chintan Prajapati May 22, 2026 8 min read IntroductionXero OAuth 2.0 integration with a native iOS app can become tricky when the redirect URI does not work as expected.One common issue developers face is the Xero authorization error:Sorry, something went wrongIn many cases, this happens because the redirect_uri used in the iOS app does not match Xero’s redirect URI requirements. This guide explains how to use PKCE with a native iOS app and how to handle the redirect URI issue correctly.Quick Fix for Xero OAuth “Sorry Something Went Wrong” Redirect URI ErrorIf you see this error during Xero OAuth authorization, first check the redirect URI.Xero does not accept custom iOS URL schemes directly as redirect URIs, such as:xeroIntegration://xerointegration.satva.solutionsInstead, Xero requires an HTTPS redirect URI, except for localhost. For iOS apps, the practical solution is to use an HTTPS redirect page and then redirect the user back to the app using the iOS URL scheme.CheckWhat to VerifyRedirect URIMust exactly match the URI saved in Xero Developer PortalURI FormatUse HTTPS, not direct custom app schemeClient IDMust match the correct Xero appScopeUse valid Xero scopes onlyPKCEUse the same code verifier during token exchangeiOS RedirectApp should be able to receive the returned codeWhat Is Xero API Integration?Xero is a cloud-based accounting platform used by small businesses, accountants, and finance teams to manage invoices, bills, bank transactions, payroll, and financial reporting.For custom applications, Xero provides APIs that allow developers to connect business systems, mobile apps, SaaS platforms, and internal tools with Xero data.What Is PKCE in Xero OAuth 2.0?PKCE, or Proof Key for Code Exchange, is an OAuth 2.0 security extension used for apps that cannot safely store a client secret, such as native mobile apps.In an Xero iOS integration, PKCE helps secure the authorization flow by using a temporary code_verifier and code_challenge during login and token exchange.Why PKCE Is Required for Xero iOS App IntegrationAccording to OAuth’s official website. PKCE was originally designed to protect the authorization code flow in mobile apps and was later recommended to be used by single-page apps as well.In later years, it was recognized that its ability to prevent authorization code injection makes it useful for every type of OAuth client, even apps running on a web server that uses a client secret.Because of its history in the use of mobile apps and single-page apps, it is sometimes incorrectly thought that PKCE is an alternative to a client secret.However PKCE is not a replacement for a client secret, and PKCE is recommended even if a client is using a client secret, since apps with a client secret are still susceptible to authorization code injection attacks.Problem: Xero Does Not Accept Custom iOS Redirect URI DirectlyI wanted to do the XERO OAuth 2.0 integration flow applied in the Native iOS app.So I went over to Xero’s official SDK documentation page and followed the instructions.This was my first integration as an iOS developer with Xero API.I got stuck in one specific problem, where in the Xero Developer portal, within the Redirect URI field I was asked to provide a redirect parameter.Which I don’t know how an Xero API will redirect users to an iOS app. So I sent an email to the Xero team and I got this reply.Reply from the Xero teamHi HardikMobile clients should use the Claimed HTTPS Scheme URI Redirection to register https redirect URIs.This is supported on both Android (https://developer.android.com/training/app-links/verify-site-associations) and iOS(https://developer.apple.com/library/archive/documentation/General/Conceptual/AppSearch/UniversalLinks.html). Kind regards.After reading an article given by the Xero support team I tried to enter the Claimed HTTPS Scheme URI in App.Below is a screenshot of the error when I set Redirect URI.So the above error became a key problem and blockage for me.I don’t know What’s the correct redirect url of Xero PKCE integration? How to redirect back in the app after xero login?Common Xero OAuth Errors and FixesErrorReasonFixSorry, something went wrongRedirect URI mismatchMatch the URI in Xero Developer PortalInvalid redirect_uriCustom scheme used directlyUse HTTPS redirect URIinvalid_grantExpired or reused codeGenerate a new authorization codeinvalid_scopeWrong scope valueUse valid Xero OAuth scopesApp does not open after loginiOS URL scheme issueCheck URL Types in XcodeToken request failsWrong code verifierUse the same PKCE verifierSolution: Use HTTPS Redirect URI and Route Back to iOS AppStep-by-Step Xero OAuth PKCE Setup for iOS App Follow xero developer document for OAuth flow.The Proof Key for Code Exchange (PKCE) flow | Xero Developer Create a developer account on Xero. After that create an app on xero developer account. Set the redirect url in the application created on xero. In iOS, we use redirect urls such as: “xeroIntegration://xerointegration.satva.solutions”. But in xero, this type of redirect url can’t be accepted. I have changed the redirect url in ios app code which was set in xero application but that still gives the error code 500 (Invalid Redirect URL).App Search Programming Guide: Support Universal Links I tried another solution using the above link. Create a universal redirect url for the ios application.And also set Apple-App-Site-Association on the redirect url of the web page but I can’t get back to the app. After that, We found the redirect url solution in the ios application. First we set the URL schema to “xeroIntegration” and create a redirect url like “xeroIntegration://xerointegration.satva.solutions”.In the app side, we have set the redirect url in the official API just like the app developed in the xero account. I talked with one of the expert Xero Developers in my team and we figured out a solution which solves this problem. It is mandatory requirement that a redirect URI has to be an HTTPS URL. so a web developer helped me create a static secure HTTP site which is just a simple html page as below. Web Page URL: https://xerointegration.satva.solutions/ Page Source Code Screenshot:Redirecting from HTTPS Callback URL Back to the iOS AppJavascript Sample Code: let result = window.location.href.replace(“https”, “xeroIntegration”); window.location.href=result; Please observe a javascript written in a webpage that ensures that before the redirect HTTPS parameter is replaced by iOS URL Schema( in my case it’s xeroIntegration).So the URL which iOS will open in Safari browser would look something like the below:xeroIntegration://xerointegration.satva.solutions?code=sjdjksdhnksdfh After that, we set the JavaScript code in the redirect url webpage. It will redirect to the application with the parameter “code”. Code which you write for authenticate by Xero login: Once We got “code” parameter from Xero and use “code” parameter, we will get the access token of the Xero account. Code which you write for an access token: Download Xero OAuth iOS Sample CodeFor reference, You can download the complete Xcode Project at GitHub https://github.com/satva-git/XeroIntegratoin_iosAlso Read: NetSuite OAuth 2.0 Integration in .NET (Step-by-Step Guide)Your 1 hour of consulting is on us! Get Xero App Consulting nowYou can use the sample Xcode project as a reference to understand the complete Xero OAuth flow, including PKCE setup, redirect handling, authorization code capture, and access token exchange.Do you need help with custom Xero integration service or development? Our Xero integration experts are here to help you!FAQsWhy does Xero show “Sorry, something went wrong” during OAuth authorization?This usually happens when the redirect_uri, client ID, or scope is incorrect. For iOS apps, the most common reason is using a custom app URL scheme directly instead of an HTTPS redirect URI.How do I fix the Xero invalid redirect_uri error?Use an HTTPS redirect URI in the Xero Developer Portal and make sure the same URI is used in your authorization request and token exchange. The URI should match exactly, including slash, case, and protocol.Does Xero allow custom iOS URL schemes as redirect URIs?No. Xero requires HTTPS redirect URIs, except for localhost. For iOS apps, you can use an HTTPS callback page first, then redirect users back to the app using the registered iOS URL scheme.Why is PKCE required for Xero integration with native iOS apps?PKCE is used because native mobile apps cannot safely store a client secret. It protects the OAuth flow by using a code_verifier and code_challenge during authorization and token exchange.What should I check if Xero OAuth token exchange fails?Check whether the authorization code is expired, the redirect_uri matches exactly, the same code_verifier is used, and the request is sent to the correct Xero token endpoint.Can I use localhost as a redirect URI in Xero OAuth?Yes, Xero allows localhost as an exception. However, for production iOS apps, you should use a valid HTTPS redirect URI.How do I redirect users back to an iOS app after Xero login?Use an HTTPS callback URL in Xero. After Xero redirects to that page with the authorization code, use JavaScript or app linking logic to open the iOS app with the code parameter.What is the best way to debug Xero OAuth redirect issues?Start by comparing the redirect URI in three places: Xero Developer Portal, authorization URL, and token request. Then check scopes, client ID, PKCE verifier, and iOS URL scheme settings.