Learn about scopes, endpoints, and headers

Scopes limit what data your app can read and update. Instead of getting broad permissions for everything, set granular permissions so your app only focuses on what’s necessary.

Scopes

Here are the scopes for the QuickBooks Payroll and Time API:

Scope Description Sensitive Data?
qb.company.read Grants read access to company information.  
qb.company.taxidentifier.read Grants read access to the tax identifier (EIN, CBN) for the company. Yes
qb.employee.read Grants read access to employee data  
qb.employee.taxidentifier.read Grants read access to the tax identifier (SSN, SIN) for the employee. Yes
qb.employee.birthdate.read Grants read access to employee date of birth.  
qb.payroll.compensation.read Grants read access to payslips.  
qb.payroll.benefits Grants access to payroll benefits, deductions, and pensions.  
payroll.compensation.read Allows read access to pay types (i.e., compensation). Compensation data can only be queried for customers using QuickBooks Payroll.  

Note

Note: Sensitive data requires additional legal agreement and manual onboarding with our support team.

Endpoints

Endpoints are the locations on our server where apps send requests to call APIs.

For the QuickBooks Payroll and Time GraphQL API, there’s only one endpoint. No matter which entities or fields you include in your queries, requests all go to the same endpoint. The Time resources also use the Accounting REST API.

Note

Note: The Payroll Employee Compensation API is currently not available in sandbox.

Required headers

The following are required headers for API resources.