Publishing requirements and guidelines

All apps that connect to production QuickBooks Online companies are expected to comply with Intuit’s platform requirements and guidelines. This includes both private (i.e. unlisted) apps and apps that want to be listed on the App Store.

Additionally, apps that operate in certain industries must meet additional requirements before going live.

When you request production credentials (i.e. client ID and client secret), you will be asked to complete a self-assessment questionnaire. This helps us better understand what your app does and how it meets our platform requirements.

In addition to these requirements, apps also need to undergo an annual security assessment. This assessment ensures that all apps on our platform continue to keep Intuit customers’ data secure.

Note: These requirements are subject to change as we expand our platform. Please check back periodically for more information and updates.

General requirements
Authorization & authentication

To ensure your app is fully integrated with OAuth2.0, we recommend you do the following:

Data usage

Protecting customer data is absolutely essential, and integral to being successful on the QuickBooks API Platform. Any misuse of data or breach in privacy could lead to your app losing access to the APIs.

API usage

The following requirements and best practices help everyone maintain our platform for the benefit of our developer community and customers. They also allow us to gather insights so we can make improvements to our platform.

Different requirements will apply to your app based on the type of app you are creating and the entities you’re accessing. Read on to learn which requirements apply to your app.

Accounting API

If your app uses any of the accounting (and/or reporting) APIs, these requirements apply to you.

Payments API

Any app that accesses the Payments API is required to follow the Payment Application Data Security Standard (PA-DSS) established by the Payment Card Industry (PCI). Since these apps typically access sensitive data, the following requirements are enforced, and any app not following them may lose access to the QuickBooks Payments API.

Supporting your app users

If you need support from the Intuit team to troubleshoot your app, the following can help expedite your support request.

  1. Capture the value of the intuit_tid field from the Intuit API response header.
  2. Store all error information in logs (including the sequence of API calls, error messages in the response, etc.) so it can be shared with our support team.
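As an added example (not from this page and not Intuit's own code), a small Python helper that applies both steps: it records each call's intuit_tid from the response headers and, for error responses, keeps the response body alongside the ordered call sequence. The QuickBooks URLs, company id, tid values and error body are constructed sample values.

```python
import json
import logging
from dataclasses import dataclass, asdict
from typing import Optional
@dataclass
class ApiCallRecord:
    seq: int                    # position in the sequence of API calls
    method: str
    url: str
    status: int
    intuit_tid: Optional[str]   # value of the intuit_tid response header, if present
    error: Optional[dict]       # response body for non-2xx statuses, else None
class SupportLog:
    """Ordered record of API calls; only the tid is kept from headers, so no token is logged."""
    def __init__(self):
        self.records = []
        self.logger = logging.getLogger("qbo.support")

    def record(self, method, url, status, headers, body) -> ApiCallRecord:
        # Header names are case-insensitive; normalise before looking up intuit_tid.
        lower = {k.lower(): v for k, v in headers.items()}
        error = None
        if status >= 400:
            try:
                error = json.loads(body)      # keep the full error payload
            except (TypeError, ValueError):
                error = {"raw": body}         # non-JSON body: keep it verbatim
        rec = ApiCallRecord(len(self.records) + 1, method, url, status,
                            lower.get("intuit_tid"), error)
        self.records.append(rec)
        self.logger.log(logging.ERROR if error else logging.INFO, json.dumps(asdict(rec)))
        return rec

# Constructed sample exchange: company id, tid values and error body are made up.
SAMPLE_CALLS = [
    ("GET", "https://quickbooks.api.intuit.com/v3/company/123456/companyinfo/123456", 200,
     {"Content-Type": "application/json", "intuit_tid": "tid-example-0001"}, '{"CompanyInfo": {}}'),
    ("POST", "https://quickbooks.api.intuit.com/v3/company/123456/invoice", 400,
     {"Content-Type": "application/json", "Intuit_Tid": "tid-example-0002"},
     '{"Fault": {"Error": [{"Message": "constructed error"}], "type": "ValidationFault"}}'),
]

def build_sample_log() -> SupportLog:
    log = SupportLog()
    for call in SAMPLE_CALLS:
        log.record(*call)
    return log
```

Each call is emitted as one JSON line, so the log can be handed to support as-is; error bodies are stored whole because they carry the message Intuit will ask for.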

Security review

All apps on our platform will undergo an annual security review. This review ensures that apps continue to keep Intuit customers’ data secure. These are some of the things we look for during the review process:

Requirements for certain regulated industries

If your app is in any industry highlighted below, read on to learn more about the types of regulated industries that need further review and our baseline requirements for each.

Lending

Your app is categorized as a lending app if you allow or promise funding to a small business. For example, through lending, invoice purchase or factoring, or cash advance. This category applies regardless of whether you provide the funds or act as a referral agent, marketer, marketplace, or broker.

The following requirements apply to lending apps:

Payments/Money Movement

Your app is categorized as a payments or money movement app if it automates payment transactions between two parties (for example, between a merchant and shopper, employer and employee, or an individual and a billing company). The transactions may include processing, verifying, accepting, or declining credit card or ACH transactions, or making tax payments on the individual’s behalf.

Any app that connects to the QuickBooks Payments API is also categorized as ‘Payments/Money Movement’.

The following requirements apply to payments/money movement apps:

Insurance

Your app is categorized as an insurance app if it offers insurance products or services, either directly or indirectly.

The following requirements apply to insurance apps:

Investment/Financial Planning

Your app is categorized as an investment or financial planning app if you advise on the sale or purchase of securities, or advise on, open, fund, or close 401(k), IRA, or other retirement plans.

The following requirements apply to investment/financial planning apps:

Non-compliance with requirements

All new apps or apps that are in the development phase will be required to complete the assessment process prior to getting production credentials.

If your app fails to maintain compliance with these requirements once it is live, or fails to remediate any issues found during the assessment, Intuit will assess the risk and take the necessary steps in order to protect customers’ data.

Depending on the type of app and the severity of non-compliance, we may take the following actions:

We’ll provide sufficient communication and notifications to you before we take any of the above actions. All communication will be sent to the email address registered when you created your app.

Take a moment now to review and update your developer profile as needed and subscribe to our emails. If the email address associated with your app is no longer in use, contact us so we can update it.