Learn about scopes

Scopes determine the types of data, and by extention API entities, your app can read and update in QuickBooks Online.

Essentially, Intuit uses scopes to define data types and manage data access for third-party apps. We categorize different types of data into distinct “buckets.” Some bucket accounting data, others only bucket user info data.

When you set scopes, you’re requesting permission to utilize one or more of these defined data types. Another way to look at it, scopes limit the data types (entities and resources) your app gets access to. This makes it clear what data your app needs to function, which increases trust and transparency with your users.

Scopes for app authorization

Let’s look at a concrete example. When you set up OAuth 2.0, you’ll list one or more scopes in your authorization request. This tells us what type of data your app needs to access so we can grant the correct permissions.

Scopes also tell your end-users which areas of their QuickBooks Online companies your app will work with. During the authorization flow, users will see the requested scopes on the authorization page. They’re essentially agreeing to let your app access the data types as defined by the scopes.

If users grant your app access, the Intuit OAuth 2.0 Server will send access tokens to your app. Access tokens are limited by the granted scopes.

Tip: Instead of requesting access to all scopes upfront, we recommend requesting them incrementally based on your app’s current data requirements.

Each time you update your app’s scopes, you need to restart the authorization flow so users can reauthorize your app. You’ll need to list the new scopes and get new access tokens.

Current scopes for the QuickBooks Online Accounting API
Scope Description
com.intuit.quickbooks.accounting Grants access to the QuickBooks Online Accounting API, which focuses on accounting data.
com.intuit.quickbooks.payment Grants access to the QuickBooks Payments API, which focuses on payments processing.
openid

Grants access to OpenID Connect features. Include one or more of the following capabilities:

  • profile — User’s given and family names info
  • email — User’s email address info
  • phone — User’s phone number info
  • address — User’s physical address info