# POST /api/v1/xero/webhook

> Xero webhook

- **Tag:** xero
- **Operation ID:** `xero_webhook_api_v1_xero_webhook_post`

## Description

Receive Xero ITR (intent-to-receive) and event notifications. Verifies the HMAC signature, then triggers an incremental sync for each affected tenant.

## Authentication

Bearer token in `Authorization` header.
Required header: `x-business-id: <business uuid>`.

## Responses

### 201 — Successful Response

## Code samples

### cURL

```bash
curl -X POST 'https://api.ondayzero.com/api/v1/xero/webhook' \
  -H 'Authorization: Bearer dz_your_token' \
  -H 'x-business-id: YOUR_BUSINESS_ID'
```

### JavaScript

```javascript
const response = await fetch('https://api.ondayzero.com/api/v1/xero/webhook', {
  method: 'POST',
  headers: {
    Authorization: 'Bearer dz_your_token',
    'x-business-id': 'YOUR_BUSINESS_ID',
  },
});
const data = await response.json();
```

### Python

```python
import httpx

headers = {
    "Authorization": "Bearer dz_your_token",
    "x-business-id": "YOUR_BUSINESS_ID",
}

response = httpx.post("https://api.ondayzero.com/api/v1/xero/webhook", headers=headers)
data = response.json()
```

## See also

- HTML version: https://www.ondayzero.com/docs/reference/xero/xero-webhook
- OpenAPI slice: https://www.ondayzero.com/docs/reference/xero/xero-webhook/openapi.json
- Other endpoints in **xero**: https://www.ondayzero.com/docs/reference/xero