Technical requirements

Before you can list your app on the QuickBooks App Store, it will be reviewed to ensure it meets the following security requirements and complies with the Intuit Developer Terms. This is in addition to meeting our technical and marketing requirements.

The review process starts once you submit your app for review on the QuickBooks App Store. This applies whether you’re listing in one or more countries.

All apps listed on the QuickBooks App Store must continue to meet these requirements after publication. They’re reviewed by Intuit on an annual basis, or more frequently at Intuit’s discretion, to ensure that they continue to meet our required technical and security standards.

Note: The average time to complete the technical review is about 20 days from the date it’s initiated. Actual time will depend on availability to schedule reviews, the number of issues found, and the speed with which you can remediate any issues.
Section 1: UI components (SSO & non-SSO apps)

These requirements cover the public-facing parts of your app (i.e., what’s shown to QuickBooks users).

1.1: “Connect to QuickBooks” button

From within your app, the “Connect to QuickBooks” button should be visible and presented in an area where users manage their accounting software connections, as shown in the examples below. Once a connection is established, this button should be hidden. Put a “Disconnect” button or link in its place.

Note: Your production redirect URI must be a valid SaaS domain. Learn more about initiating the authorization request.

In this example, prior to connecting to your app, the “Connect to QuickBooks” button is visible:

[Image: C2QBExample.jpg]

Once connection is established, the “Connect to QuickBooks” button is hidden. Now, the disconnect link is visible:

[Image: C2QBConnected.jpg]
1.2: Browser compatibility

Widgets, buttons, and workflows work in the latest versions of Edge, Firefox, and Chrome browsers.

1.3: Logos and buttons

All Intuit and QuickBooks logos and buttons in your app use the approved and provided images.

1.4: Spelling and capitalization

“Intuit” and “QuickBooks” are spelled properly, capitalized correctly, and aren’t abbreviated.

Section 2: QuickBooks data connection (SSO & non-SSO apps)

These requirements detail how your app must initiate, maintain, and reestablish connections with QuickBooks.

2.1: Successful data connections

Only QuickBooks Online API calls are used to move and pass data between your app and QuickBooks Online. This applies to reading and writing data.

To speed up this portion of your review, submit a support ticket outlining the steps our review team should follow to test this requirement. For example:

2.2: Maintaining connection

Once users connect via OAuth, the connection is maintained until users disconnect the app from their QuickBooks Online company.

Signing out of an app doesn’t disconnect a QuickBooks Online company.

Here’s a general overview for maintaining the connection:

  1. Users create an account in your app and connect it to their QuickBooks Online company.
  2. Launch a different browser.
  3. Users sign in to your app.
  4. Your app opens with the QuickBooks connection maintained.
  5. The “Connect to QuickBooks” button is hidden, but data service calls are working.
2.3: Disconnecting users’ QuickBooks Online companies

Users should be able to disconnect their QuickBooks Online company from your app from within your app. There is no mandated “Disconnect” button or link you must use. Just ensure your solution properly calls our revoke endpoint.

The button or link label should clearly indicate it will disconnect your app from QuickBooks.

Here’s an example of a “Disconnect” link:

[Image: C2QBConnected.jpg]
Section 3: Sign-in with Intuit button (OpenID Connect, Intuit SSO only)

These requirements are for how your app must use OpenID Connect to implement the “Sign in with Intuit” button.

Note: This section is only required if you’re using Intuit Single Sign-on.

Warning: Your app must use the OpenID Connect claimed identity, and must not use the OpenID email address, when creating the association between your app’s user and Intuit’s OpenID in your database. During subsequent sign-ins, your app must match the OpenID claimed identifier sent by Intuit against what you’ve associated with your user so the user can gain access to your app. Storing and matching the OpenID email address isn’t secure.

Warning: Your app must establish the association between OpenID Connect and your user only after the user has been securely authenticated into your app via a password prompt or otherwise. This ensures your user is explicitly allowing the OpenID association to give access to your app.
3.1: Sign in with Intuit button

The “Sign in with Intuit” button appears on all app sign-in pages. It should be clear and visible. When selected, the button launches the Intuit Sign-in page. The button should be rendered using either JavaScript or approved graphics.

Here’s an example of a “Sign in with Intuit” button on an app’s sign-in page:

[Image: SIWI.jpg]

Warning: Your app must check the emailVerified field and allow users access to the app only if emailVerified is true.
3.2: Handling unknown users

A new unknown user (i.e., one who is connecting to your app for the first time) who selects the “Sign in with Intuit” button is only signed in to your app, without executing the OAuth authentication process.

Tip: Have a workflow or wizard to recognize this customer and offer the ability to either use an existing account for your app, or create a new account. Then inform the user that the app isn’t connected to their QuickBooks Online company yet. Show them the “Connect to QuickBooks” button.

Here’s a general overview of the process:

  1. User selects the “Sign in with Intuit” button.
  2. User enters their user ID and password for an existing Intuit account that is not currently connected to your app.
  3. When the user selects Sign In, the Intuit Sign in window appears. Your app shouldn’t interfere with or change the OpenID flow.
  4. When the user selects the Authorize button, the authorization screen closes. The user is returned to your app in a signed-in state.
3.3: Handling known users

An existing connected user who selects the “Sign in with Intuit” button is taken to your app. Data service calls work.

Here’s a general overview of the process:

  1. User selects the “Sign in with Intuit” button.
  2. User enters their user ID and password for an existing Intuit account that is currently connected to your app.
  3. When the user selects Sign In, they go into your app without entering additional sign-in credentials.
  4. The Connect to QuickBooks button is hidden and all data service calls work.

Important: If the user already exists in your database, but their Intuit identity hasn’t been established (i.e. the two data identities aren’t connected), initiate an application session for that user. Do this only after prompting the user to enter their password prior to linking the Intuit identity to their existing account.
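
The Section 3 rules (match on the claimed identifier, require emailVerified, link an existing account only after a password prompt) written as one sign-in decision function. This is an added example, not Intuit's code; the "sub" claim name, UserStore, handle_intuit_sign_in and the action strings are assumptions for illustration, and the claims are assumed to be already validated.

```python
from dataclasses import dataclass, field


@dataclass
class UserStore:
    """In-memory stand-in for the app's user table (hypothetical)."""
    by_sub: dict = field(default_factory=dict)    # claimed identifier -> app user id
    by_email: dict = field(default_factory=dict)  # email -> app user id (hint only)


def handle_intuit_sign_in(store, claims, password_ok=None):
    """Decide what to do with already-validated OpenID Connect claims.

    password_ok: None if the user has not been prompted for their app
    password yet, otherwise the result of that password check.
    Returns (action, app_user_id).
    """
    sub = claims.get("sub")  # assumption: claimed identifier is the "sub" claim
    if not sub or claims.get("emailVerified") is not True:
        return ("reject", None)

    # Known user (3.3): match only on the stored claimed identifier.
    if sub in store.by_sub:
        return ("sign_in", store.by_sub[sub])

    # No link yet. The email may suggest an existing account, but it never
    # grants access on its own.
    candidate = store.by_email.get((claims.get("email") or "").lower())
    if candidate is None:
        return ("offer_create_or_link", None)  # unknown user (3.2)
    if password_ok is None:
        return ("prompt_password", candidate)
    if not password_ok:
        return ("reject", None)

    store.by_sub[sub] = candidate  # link only after the password check passed
    return ("sign_in", candidate)


if __name__ == "__main__":
    # Constructed sample data.
    store = UserStore(by_sub={"sub-111": "u1"}, by_email={"pat@example.com": "u2"})
    claims = {"sub": "sub-999", "email": "pat@example.com", "emailVerified": True}
    print(handle_intuit_sign_in(store, claims))                    # prompt first
    print(handle_intuit_sign_in(store, claims, password_ok=True))  # then link
```
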
Section 4: Interacting with the QuickBooks App Store and the Apps tab in QuickBooks Online (Intuit SSO only)

These steps explain the different ways users can find and connect to your app.

If your app uses Intuit Single Sign-on, we’ll go over ways to design your app experience that allow users to navigate the QuickBooks App Store. Note: If your app doesn’t use Intuit Single Sign-on, skip to Section 5.

4.0: Finding and managing apps in QuickBooks Online

The user can go to the Apps tab in QuickBooks Online to find apps and manage existing connections.

[Image: MyAppsQBO.jpg]

If a user is signed in and on the My Apps tab in QuickBooks, there are four actions available for managing your app:

4.1: Free trials of apps

On the QuickBooks App Store, new users can sign up for a free trial of your app if they select the “Get app now” button.

To see how the free trial process works:

  1. Make sure you’re not currently signed in to the QuickBooks App Store. Sign out of your app and the app store. Close your browser and start from a fresh tab.
  2. Go to the List on App Store page.
  3. Select the Test Get App Now button to test the link.
  4. On the Intuit Sign-in page, enter a user ID and password for an existing Intuit account, but NOT one that’s currently connected to your app.
  5. If prompted, select a QuickBooks product.
  6. If prompted, choose a company file.
  7. Select the Authorize button.
[Image: TestGetAppNow.png]

The free trial starts and the browser redirects to the page of your app that shows the integrated QuickBooks data, or a message about the integration.

Requirements for free trial setup

4.2: Sign in to an app from the QuickBooks App Store

If a user is signed in to the QuickBooks App Store but not your app, they can sign in to your app without being asked for sign-in credentials.

  1. Make sure you’re not currently signed in to the QuickBooks App Store. Sign out of your app and the app store. Close your browser and start from a fresh tab.
  2. Go to MyApps.
  3. Sign in to the QuickBooks App Store with an account that’s connected to your app.

This redirects you to the My Apps tab of the Apps menu in QuickBooks Online. Find and launch your app. It should open without prompting users for sign-in credentials.

4.3: Launch an app from QuickBooks App Store without credentials

If the user hasn’t signed out of your app or the QuickBooks App Store, your app should be able to launch from the QuickBooks App Store without asking for sign-in credentials.

  1. Make sure you’re signed in to your app.
  2. Go to MyApps.
  3. Sign in to the QuickBooks App Store.

This redirects you to the My Apps tab of the Apps menu in QuickBooks Online. Find and launch your app. It should open without prompting users for sign-in credentials.

4.4: Disconnect an app from the QuickBooks App Store

A user can disconnect your app (and revoke access) from their QuickBooks Online company from the QuickBooks App Store.

  1. Make sure you’re not currently signed in to the QuickBooks App Store. Sign out of your app and the app store. Close your browser and start from a fresh tab.
  2. Go to MyApps.
  3. You should be redirected to the My Apps tab of the Apps menu in QuickBooks Online.
  4. From the My Apps tab, find your app and select the Disconnect link.
  5. Follow the on-screen steps to confirm and disconnect the app.

This disconnects your app from the user’s QuickBooks Online company. The UI refreshes so the user can reconnect if necessary.


In this disconnected state, the “Connect to QuickBooks” button should reappear and the “Disconnect” link should be hidden.

Important: If you’re using a development environment to test the disconnect flow, you may see a Close button instead of Next. Select the Close button and wait for the page to refresh and remove your application. Then manually navigate to the disconnect URL you specified for your app’s settings.

Note: If a user has multiple QuickBooks Online companies associated with the same user ID, they’re prompted to pick a specific company.
Section 5: Interacting with the QuickBooks App Store (not using Intuit SSO)

This section only applies to apps that don’t implement Intuit Single Sign-on.

5.1: “Learn More” button

Implement the “Learn More” button in place of the “Get app now” button on your app’s QuickBooks App Store listing. Selecting the “Learn More” button redirects users to one of your app’s webpages.

The URL should lead to a page about your app, including a description of what it does, guides for how to use it, and info about how it integrates with QuickBooks Online.

5.2: Launch URL

The launch URL goes directly to your app’s sign-in page.

5.3: Disconnect an app from the QuickBooks App Store

Users can disconnect from your app from within the QuickBooks App Store. The Disconnect URL should be a static page that informs the user that the connection between your app and their QuickBooks Online company is terminated, and provides steps for how to reconnect.

Section 6: Connecting apps to QuickBooks Online Accountant
6.1: Supporting users with multiple QuickBooks Online companies

This section only applies if your app is intended for use with QuickBooks Online Accountant.

Your app needs to be set up so it can sync data for users with multiple QuickBooks Online companies. This is sometimes called “Accountant-ready.”

Learn more about supporting users with multiple QuickBooks Online companies for details.

Tip: You don’t need to have QuickBooks Online Accountant to create and test apps intended for it.

Your app needs to support these scenarios:

Note: Your app must support Intuit Single Sign-on for it to appear in the Apps tab in QuickBooks Online Accountant.

Set up a testing environment

  1. Create two QuickBooks Online companies using the same Intuit account. Let’s call them Company A and Company B.
  2. If one of the two is a trial company, please select Sign in instead of Create account on the first page.
  3. Test the steps with Company A and Company B separately.

Test connecting to Company A when you’re not subscribed to your app

  1. Sign in to Company A.
  2. Go to the Apps tab in QuickBooks Online.
  3. Select and subscribe to your app.
  4. If your app isn’t published yet, you can test the following link: https://appcenter.intuit.com/app/connect/oauth2/request?appId=<appId>. You can find the app Id in the Production tab of your app’s settings.
  5. You should land in your app using Company A to establish the connection between QuickBooks Online and your app.

Test launching your app for Company A, after you’ve subscribed

  1. Sign in to Company A.
  2. Go to the Apps tab in QuickBooks Online.
  3. Select and launch your app.
  4. You should land in your app using Company A.

Test disconnecting from Company A

  1. Sign in to Company A.
  2. Go to the Apps tab in QuickBooks Online.
  3. Select Disconnect and follow the steps to disconnect.
  4. You should land in your app using Company A.

Test connecting to Company B

Follow these same steps for Company B. Test the connection in an unsubscribed state, launch your app after you’ve subscribed, and then disconnect it.

At each phase, everything should be performed and completed by Company B.

If this is successful, your app is able to handle multiple QuickBooks Online companies for the same user.

6.2: Providing lists for users showing their multiple QuickBooks Online companies

We recommend you provide a page that shows users all of their active QuickBooks Online companies. This enhances their experience and gives them a convenient way to manage their connections.


[Image: Screen_Shot_2017-12-12_at_11.28.02_AM.png]

[Image: Screen_Shot_2017-12-12_at_11.29.19_AM.png]
Section 7: Regulated industry check

Prior to starting the technical review process, if your app is used in one or more of the following industries, Intuit will perform an additional review. This ensures your app is compliant in that industry: