Practice authorization in the OAuth Playground

Want to practice authorizing your app without using production code?

The OAuth 2.0 Playground generates sample requests and responses to demonstrate each step of the OAuth 2.0 and OpenID Connect authorization process.

It shows you how to get authorization codes, create requests to exchange authorization codes for access and refresh tokens, use access tokens to make API calls, and generate new refresh tokens from the server response.

Step 1: Set up your app on the Intuit Developer Portal

If you haven’t already, sign in to your developer account and create your app.

Your app needs to be on the Intuit Developer Portal so the OAuth Playground can pull its credentials.

Step 2: Practice getting access tokens

  1. Go to the OAuth 2.0 Playground.
  2. From the Select app dropdown, select one of your sandbox companies. Note: We recommend you test using a sandbox.
  3. In the Scopes section, select one or more scopes.
  4. Select Get authorization code. If asked, select Connect to connect your app to the OAuth Playground.
  5. Review the auto-generated Authorization code and Realm ID. The authorization code is based on your app’s scopes.
  6. Select Get tokens.
  7. Review the sample request and response.

The sample POST request sends the authorization code to the Intuit OAuth 2.0 server.

In the sample response, the accessToken field value contains an access token. This is what you’ll use to call our API.


Tip: Scopes determine the type of data your app can access. They also decide what types of API requests you can make. Only select the scopes you plan to use for your production app.

Step 3: Make practice API calls

First, get access tokens to make a request.

  1. Go to the OAuth 2.0 Playground.
  2. Go to the Make API calls section.
  3. Select a request type from the Call APIs for dropdown.
  4. Select Get to make a call to the API.
  5. Review the sample request and response.

In the sample request, the OAuth Playground added the accessToken value to the Authorization parameter.

See sample API requests for each scope

| Sample API call | Required scope | Description |
| --- | --- | --- |
| Get Company Info | | Calls the CompanyInfo entity. This gives you info about the company based on the realm ID. |
| Submit Charge | | Calls the QuickBooks Payments API Charges entity. This creates a charge for the test Visa Card account. |
| Get User Info | openID and at least one of the following: profile, email, phone, address. | Calls the userInfo entity. This gets info about the logged in user based on OpenID scopes chosen during authorization. |

Step 4: Practice refreshing access tokens

Access tokens are valid for 60 minutes. After they expire, use refresh tokens to refresh them:

  1. Go back to the first server response.
  2. Review the refreshToken field value.
  3. Go to the Refresh Access Token section.
  4. Note the refreshToken value is already entered.
  5. Select Refresh Access Token.
  6. Review the sample request and response.

The sample response should have a new value for the accessToken field.
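
The same flow in code, as an added example (not Intuit's code or the Playground's output): it builds the code-exchange and refresh POST requests without sending them, and tracks the 60-minute access token lifetime so the app refreshes before expiry and always keeps the newest refresh token. Assumptions: the token URL is a placeholder, the request shapes follow RFC 6749, and the raw JSON response uses the RFC 6749 field names access_token, refresh_token and expires_in for the values this page calls accessToken and refreshToken.

```python
import base64
import time
from urllib.parse import urlencode

TOKEN_URL = "https://oauth.example.test/token"  # placeholder, not a real endpoint


def _token_request(client_id, client_secret, form):
    """Build (without sending) an RFC 6749 token-endpoint POST."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",  # client secret stays out of URL and body
               "Content-Type": "application/x-www-form-urlencoded"}
    return {"method": "POST", "url": TOKEN_URL, "headers": headers, "body": urlencode(form)}


def exchange_request(client_id, client_secret, code, redirect_uri):
    # Step 2: trade the authorization code for an access/refresh token pair.
    return _token_request(client_id, client_secret, {
        "grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri})


def refresh_request(client_id, client_secret, refresh_token):
    # Step 4: trade the refresh token for a new access token.
    return _token_request(client_id, client_secret, {
        "grant_type": "refresh_token", "refresh_token": refresh_token})


class TokenStore:
    """Holds the latest token pair and decides when a refresh is due."""

    def __init__(self, skew=60):
        self.skew = skew  # refresh this many seconds early to absorb clock drift
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def update(self, response, now=None):
        now = time.time() if now is None else now
        self.access_token = response["access_token"]
        # The server may return a new refresh token; always keep the newest one.
        self.refresh_token = response.get("refresh_token", self.refresh_token)
        self.expires_at = now + int(response.get("expires_in", 3600))  # 60 minutes

    def needs_refresh(self, now=None):
        now = time.time() if now is None else now
        return self.access_token is None or now >= self.expires_at - self.skew

    def api_headers(self):
        # Step 3: the access token travels as a Bearer credential.
        return {"Authorization": f"Bearer {self.access_token}"}
```

Keep the client secret and both tokens out of logs and URLs; the store above only ever places them in request headers or the POST body.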