OutflowGuard integrates with Xero to provide real-time monitoring of supplier bank account changes.
We use OAuth 2.0 with PKCE (Proof Key for Code Exchange) for secure authentication. This is the industry-standard method recommended by Xero.
OutflowGuard requests the following Xero scopes:
Contacts (read) - To monitor supplier bank details
Offline Access - To maintain connection without re-authentication
We do NOT request access to invoices, payments, or financial data.
Access tokens are automatically refreshed before expiry
Refresh tokens are encrypted using AES-256-GCM
Each tenant has its own encryption key
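The following Node.js example is added here for illustration and is not OutflowGuard's own code. It shows one way to encrypt a refresh token with AES-256-GCM under a per-tenant key. The function names, the in-memory keys, the nonce || tag || ciphertext layout and the use of the tenant ID as additional authenticated data are assumptions.

```javascript
// Added example: sealing an OAuth refresh token with AES-256-GCM under a per-tenant key.
const crypto = require("node:crypto");

// Assumption: in production each tenant's 32-byte key would come from a KMS or
// secret store. Here keys are generated in memory for the demonstration.
function newTenantKey() {
  return crypto.randomBytes(32);
}

// Returns base64url(nonce || tag || ciphertext). The tenant ID is bound as AAD,
// so a blob copied into another tenant's record fails authentication.
function sealRefreshToken(tenantId, key, refreshToken) {
  const nonce = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(Buffer.from(tenantId, "utf8"));
  const ct = Buffer.concat([cipher.update(refreshToken, "utf8"), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]).toString("base64url");
}

// Returns the plaintext token, or null if the key, tenant ID or blob is wrong.
function openRefreshToken(tenantId, key, sealed) {
  const raw = Buffer.from(sealed, "base64url");
  if (raw.length < 28) return null; // 12-byte nonce + 16-byte tag at minimum
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(tenantId, "utf8"));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return pt.toString("utf8");
  } catch {
    return null; // authentication failed: tampered blob, wrong key or wrong tenant
  }
}

// Constructed sample values, not real credentials.
const keyA = newTenantKey();
const keyB = newTenantKey();
const sealedA = sealRefreshToken("tenant-a", keyA, "sample-refresh-token");
console.log(openRefreshToken("tenant-a", keyA, sealedA)); // decrypts for the owning tenant
console.log(openRefreshToken("tenant-b", keyB, sealedA)); // rejected for any other tenant
```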
OutflowGuard polls Xero contact data every 1 minute to ensure near real-time detection of changes.
Bank details are masked before storage
Only the last 4 digits of account numbers are retained
Full details are never stored permanently