docs: updating readme scopes (#752)

thomb · web-flow · commit 993615944f6a · 2025-06-27T18:45:26.000+05:30
The scopes provided in this readme do not accurately reflect the scopes required in order to be able to execute the examples. `accounting.settings` is required in order to be able to fetch information about
diff --git a/README.md b/README.md
@@ -75,7 +75,7 @@ const xero = new XeroClient({
   clientId: 'YOUR_CLIENT_ID',
   clientSecret: 'YOUR_CLIENT_SECRET',
   redirectUris: [`http://localhost:${port}/callback`],
-  scopes: 'openid profile email accounting.transactions offline_access'.split(" "),
+  scopes: 'openid profile email accounting.settings accounting.transactions offline_access'.split(" "),
   state: 'returnPage=my-sweet-dashboard', // custom params (optional)
   httpTimeout: 3000, // ms (optional)
   clockTolerance: 10 // seconds (optional)
@@ -113,7 +113,7 @@ It is recommended that you store this token set JSON in a datastore in relation
 | access_token: | "xxx.yyy.zzz" | [Bearer token](https://oauth.net/2/jwt/) with a 30 minute expiration required for all API calls |
 | expires_in: | 1800 | Time in seconds till the token expires - 1800s is 30m |
 | refresh_token: | "XXXXXXX" | Alphanumeric string used to obtain a new Token Set w/ a fresh access_token - 60 day expiry |
-| scope: | ["email", "profile", "openid", "accounting.transactions", "offline_access"] | The Xero permissions that are embedded in the `access_token` |
+| scope: | ["email", "profile", "openid", "accounting.settings", "accounting.transactions", "offline_access"] | The Xero permissions that are embedded in the `access_token` |
 
 Example Token Set JSON:
 ```
@@ -123,7 +123,7 @@ Example Token Set JSON:
   "expires_in": 1800,
   "token_type": "Bearer",
   "refresh_token": "xxxxxxxxx",
-  "scope": ["email", "profile", "openid", "accounting.transactions", "offline_access"]
+  "scope": ["email", "profile", "openid", "accounting.settings", "accounting.transactions", "offline_access"]
 }
 ```
 
@@ -233,7 +233,7 @@ const xero = new XeroClient({
   clientSecret: 'YOUR_CLIENT_SECRET', // required
   redirectUris: [`http://localhost:${port}/callback`], // not used for client_credentials auth flow
   grantType: 'client_credentials', // only used for client_credentials auth flow
-  scopes: 'openid profile email accounting.transactions offline_access'.split(" "), // not used for client_credentials auth flow
+  scopes: 'openid profile email accounting.settings accounting.transactions offline_access'.split(" "), // not used for client_credentials auth flow
   state: 'returnPage=my-sweet-dashboard', // custom params (optional), not used for client_credentials auth flow
   httpTimeout: 3000, // ms (optional)
   clockTolerance: 10 // seconds (optional)
@@ -261,7 +261,7 @@ const xero = new XeroClient({
   clientId: 'YOUR_CLIENT_ID',
   clientSecret: 'YOUR_CLIENT_SECRET',
   redirectUris: [`http://localhost:${port}/callback`],
-  scopes: 'openid profile email accounting.transactions offline_access'.split(" ")
+  scopes: 'openid profile email accounting.settings accounting.transactions offline_access'.split(" ")
 });
 
 await xero.initialize();
@@ -316,7 +316,7 @@ const xero = new XeroClient({
   clientId: 'YOUR_CLIENT_ID',
   clientSecret: 'YOUR_CLIENT_SECRET',
   redirectUris: [`http://localhost:${port}/callback`],
-  scopes: 'openid profile email accounting.transactions offline_access'.split(" ")
+  scopes: 'openid profile email accounting.settings accounting.transactions offline_access'.split(" ")
 });
 
 await xero.initialize();
