From 53d29d5eedaf1afc3201d9da3f22b6600b3d48ca Mon Sep 17 00:00:00 2001
From: Adam O'Neil <adamo@phatlicks.com>
Date: Wed, 18 Mar 2026 12:07:35 +0000
Subject: [PATCH] Update DeleteConnectionAsync to use the correct connectionId
 rather than the xeroTenant ID.

The DeleteConnection API call is DELETE /connections/{connectionId} rather than DELETE /connections/{tenantId}. I have left the old method in place and added a new correct one, with the plan to remove the old one in the future (marked as Obsolete). This can also be just removed, as I don't believe it will work in its current state and the remote side will always respond with "Forbidden".
---
 .../src/Client/IXeroClient.cs                 |  2 ++
 .../src/Client/XeroClient.cs                  | 23 +++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/Xero.NetStandard.OAuth2Client/src/Client/IXeroClient.cs b/Xero.NetStandard.OAuth2Client/src/Client/IXeroClient.cs
index ba1daa01..2adadcb6 100644
--- a/Xero.NetStandard.OAuth2Client/src/Client/IXeroClient.cs
+++ b/Xero.NetStandard.OAuth2Client/src/Client/IXeroClient.cs
@@ -1,3 +1,4 @@
+using System;
 using System.Collections.Generic;
 using System.Threading.Tasks;
 using Xero.NetStandard.OAuth2.Config;
@@ -22,6 +23,7 @@ public interface IXeroClient
         Task<IXeroToken> GetCurrentValidTokenAsync(IXeroToken xeroToken);
         Task<List<Tenant>> GetConnectionsAsync(IXeroToken xeroToken);
         Task DeleteConnectionAsync(IXeroToken xeroToken, Tenant xeroTenant);
+        Task DeleteConnectionAsync(IXeroToken xeroToken, Guid connectionId);
         Task RevokeAccessTokenAsync(IXeroToken xeroToken);
     }
 }
\ No newline at end of file
diff --git a/Xero.NetStandard.OAuth2Client/src/Client/XeroClient.cs b/Xero.NetStandard.OAuth2Client/src/Client/XeroClient.cs
index 36824eba..5a15303d 100644
--- a/Xero.NetStandard.OAuth2Client/src/Client/XeroClient.cs
+++ b/Xero.NetStandard.OAuth2Client/src/Client/XeroClient.cs
@@ -316,6 +316,7 @@ public async Task<List<Tenant>> GetConnectionsAsync(IXeroToken xeroToken)
         /// <param name="xeroToken"></param>
         /// <param name="xeroTenant"></param>
         /// <returns>List of Tenants attached to accesstoken</returns>
+        [Obsolete("This method is being removed. Switch to using DeleteConnectionAsync using the connectionId guid")]
         public async Task DeleteConnectionAsync(IXeroToken xeroToken, Tenant xeroTenant)
         {
             using (var requestMessage = new HttpRequestMessage(HttpMethod.Delete, $"{xeroConfiguration.XeroApiBaseUri}/connections" + "/" + xeroTenant.id))
@@ -332,6 +333,28 @@ public async Task DeleteConnectionAsync(IXeroToken xeroToken, Tenant xeroTenant)
             }
         }
 
+        /// <summary>
+        /// Delete the connection given the accesstoken and xero tenant id
+        /// </summary>
+        /// <param name="xeroToken"></param>
+        /// <param name="connectionId"></param>
+        /// <returns>Delete a connection using its connection id</returns>
+        public async Task DeleteConnectionAsync(IXeroToken xeroToken, Guid connectionId)
+        {
+            using (var requestMessage = new HttpRequestMessage(HttpMethod.Delete, $"{xeroConfiguration.XeroApiBaseUri}/connections" + "/" + connectionId))
+            {
+                requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", xeroToken.AccessToken);
+
+                var result = await _httpClient.SendAsync(requestMessage);
+                if (result.StatusCode == System.Net.HttpStatusCode.NoContent)
+                {
+                    return;
+                }
+
+                throw new HttpRequestException(await result.Content.ReadAsStringAsync());
+            }
+        }
+
         /// <summary>
         /// Revokes the current token - immediate disconnect all orgs and stops the user authorisation
         /// </summary>