Technical requirements

To publish your app on the QuickBooks app store, it will be reviewed to ensure it meets the following technical requirements, in addition to meeting our security and marketing requirements.


The review process is initiated when you submit your app listing for one or more countries.


All published apps will be reviewed by Intuit on an annual basis, or more frequently at Intuit’s discretion, to ensure that they continue to meet the technical and security standards required.

Note

Note

The average time to pass a technical review is about 20 days from the date it is initiated. Actual time will depend on availability to schedule reviews, the number of issues found, and the speed with which you can remediate any issues.

Section 1: UI components (SSO & non-SSO apps)
These requirements involve the parts of your app that are displayed to users.
1.1: Connect to QuickBooks

From within your app, the Connect to QuickBooks button is presented in an area where users manage their accounting software connections, as shown in the examples below. Once a connection is established, this button is hidden.


Note: Your production Redirect URI must be a valid SaaS domain. See initiating the authorization request for more details.


Prior to connection, Connect to QuickBooks button is visible:

qbo/docs/list-on-the-app-store/C2QBExample.jpg

Once connection is established, the Connect to QuickBooks button is hidden and disconnect link is now visible:

qbo/docs/list-on-the-app-store/C2QBConnected.jpg
1.2: Browser compatibility:
Widgets, buttons, and workflows work in the latest versions of Edge, Firefox, and Chrome browsers.
1.3: Logos and buttons
All Intuit and QuickBooks logos and buttons are using the provided images.
1.4: Spelling and capitalization
“Intuit” and “QuickBooks” are spelled properly, including capitalization, and not abbreviated.
Section 2: QuickBooks data connection (SSO & non-SSO apps)
These requirements detail how your app must initiate, maintain, and re-establish connection with QuickBooks.
2.1: Successful data connections:
The API successfully passes data between your app and QuickBooks Online. Only QuickBooks Online API calls are used to move data.
  • Reading data from QuickBooks Online: Data successfully appears in the app.
  • Writing data to QuickBooks Online: Data successfully appears in QuickBooks Online.
To speed up this portion of your review, submit a support ticket outlining the steps our review team to follow in order to test this requirement. For example:
  • Link to a video which shows how to use your app
  • Link to a Knowledge Base article on support information
  • Provide keys needed to install the app (if applicable)
  • Provide account credentials to login to the app
  • Step by step guide on how to test the app’s integration with QuickBooks
  • Any additional caveats and tips
2.2: Maintaining connection
Once connected through OAuth, the connection is maintained until the user disconnects the app from QuickBooks. Signing out of an app does not disconnect a company.
  1. Create an account in your app and connect it to a QuickBooks company.
  2. Launch a different browser.
  3. Sign in to your app. Your app opens with the QuickBooks connection maintained. The Connect to QuickBooks button is hidden and data service calls are working.
2.3: Disconnecting

A user can disconnect the app from QuickBooks from within your app. There is no mandated Disconnect button or link to use as long as it properly calls our revoke endpoint. The button label should clearly indicates it will disconnect from QuickBooks; for example Disconnect from QuickBooks.

qbo/docs/list-on-the-app-store/C2QBConnected.jpg
Section 3: Sign-in with Intuit button (OpenID, SSO only)

These requirements detail how your app must use OpenID to implement the Sign in with Intuit button.


This section is only required if you are using Intuit ingle sign-on.

Warning

Warning

Your app must use the OpenID claimed identity, and must not use the OpenID email address, when creating an association between your app’s user and Intuit’s OpenID in your database. During subsequent logins, your app must match the OpenID claimed identifier sent by Intuit against what you have associated with your user, to allow the user to gain access to your app. Storing and matching OpenID email address is insecure.

Warning

Warning

Your app must establish the association between Intuit OpenID and your user, only after the user has been securely authenticated into your app, by password prompt or otherwise. This ensures your user is explicitly allowing the OpenID association to give access to your app.

3.1: Sign in with Intuit button

The Sign in with Intuit button appears on all app sign-in pages and is displayed properly. When clicked, it launches the Intuit OpenID sign-in page. The button is rendered using either JavaScript or approved graphics.


Here is an example where the button appears on the app sign-in page:

qbo/docs/list-on-the-app-store/SIWI.jpg
3.2: Unknown users

A new unknown user who clicks Sign in with Intuit is signed in only to the app, without executing OAuth.

Note

Tip

Have a workflow/wizard to recognize this customer and offer the ability to either link an existing account or create a new account for your app. Then inform user that the app is not connected to their QuickBooks data and show the Connect to QuickBooks button.

  1. Click the Sign in with Intuit button.
  2. Type the User ID and password for an existing Intuit account that is NOT currently connected to the app and click Sign In. The Intuit OpenID authorization screen appears. Your app should not interfere with or change the OpenID flow.
  3. Click the Authorize button. The authorization screen closes and the user is returned to your app in a signed-in state.
3.3: Known users

An existing connected user who clicks Sign in with Intuit is taken into the app and data service calls work.

  1. Click the Sign in with Intuit button.
  2. Type the user ID and password for an Intuit account that is currently connected to the app.
  3. Click the Sign in button. The user goes into your app without entering more credentials. The Connect to QuickBooks button is hidden and all data service calls work.

Caution: If the user already exists in your database but their Intuit identity has not been established, initiate an application session for that user only after prompting the user to enter their password prior to linking the Intuit identity to their existing account.

Section 4: Interaction with the QuickBooks app store (Intuit SSO only)

These steps define how your app experience allows the user to navigate the QuickBooks app store when your app uses Intuit single sign on.


If your app does not use Intuit single sign-on, skip to section 5.


The user can interact with your app through the Apps tab in QuickBooks Online. This tab can also be reached by clicking My apps after logging in to the QuickBooks App store.

qbo/docs/list-on-the-app-store/MyAppsQBO.jpg

There are four actions available:

  • Launch: Your app’s Launch URL, as defined in the App settings page. This is for apps published on the QuickBooks App store, the page that implements Intuit singlesign-on that allows the user to sign in automatically.
  • Support: Enabled on your behalf. No action required.
  • Disconnect: Launch your app’s Disconnect URL as defined in the App settings page. Your user lands on this page after the app disconnects from your user’s QuickBooks company. This page implements Intuit single sign-on that allows the user to sign in automatically, and implements the Connect to QuickBooks button so users can reconnect as needed.
  • Write a review: Enabled on your behalf. Reviews will show up on your published listing.
4.1: Free trials

On the QuickBooks app store, a new user can sign up for a free trial of your app by clicking the Get app now button.

  1. Make sure you’re not currently signed in to the QuickBooks app store:
  1. Log out of your app.
  2. Log out of the QuickBooks app store.
  3. Close your browser.
  4. Open a new browser session.
  1. Navigate to the List on App Store page and click the Test Get App Now button to test the link.

qbo/docs/list-on-the-app-store/TestGetAppNow.png

  1. On the Intuit OpenID sign-in page, type the user name and password for an existing Intuit account that is NOT currently connected to your app.
  2. If prompted, choose QuickBooks Desktop or QuickBooks Online.
  3. If prompted, choose a company.
  4. Click the Authorize button.
  5. The user’s free trial starts and the browser is directed to the page of your app that shows the integrated QuickBooks data, or a message about the integration.
Detailed requirements:
  • Your app automatically provisions the user’s account.
  • Page doesn’t prompt to create or enter a password (unless your app is not implementing Intuit Single Sign-On).
  • Page doesn’t ask for any information that OpenID provides (name, email, realm ID) or the QuickBooks Online API provides (company name, address, phone number, and so on).
  • Don’t ask the user to select a plan or enter payment info.
  • Don’t show the Connect to QuickBooks button because the user’s already connected.
4.2: Sign in from App store

If a user is signed in to the QuickBooks app store but not signed in to your app, the user can sign in to your app without being asked for credentials.


  1. Make sure you’re NOT currently signed in to your app:
    1. Log out of your app.
    2. Log out of the QuickBooks app store.
    3. Close your browser.
    4. Open a new browser session.
  2. Go to MyApps.
  3. Sign in to the QuickBooks app store with a QuickBooks account that is connected to your application.
  4. You should be redirected to the QuickBooks Online company’s My Apps Tab under the Apps section.
  5. Locate and launch your app. It should open without prompting for credentials.
4.3: Launch from App store without credentials

If the user has not signed out of your app or the QuickBooks app store, your app should launch from the QuickBooks app store without asking for credentials.


  1. Make sure you’re currently signed in to your app.
  2. Go to MyApps.
  3. Sign in to the QuickBooks App store.
  4. You should be redirected to the QuickBooks Online company’s My Apps tab within the Apps section
  5. Locate and launch your app. It should open without prompting for credentials.
4.4: Disconnect from the App store

A user can disconnect your app’s access to their QuickBooks account from the QuickBooks App store.


  1. Make sure you’re NOT currently signed in to your app:
    1. Log out of your app.
    2. Log out of the QuickBooks app store.
    3. Close your browser.
    4. Open a new browser session.
  2. Go to MyApps.
  3. You should be redirected to the QuickBooks Online company’s My Apps tab within the Apps section.
  4. From the My Apps tab, locate your app and click the Disconnect link.
  5. From the Confirm Disconnect dialog, click the Yes, Disconnect App button.
  6. On the Confirm Disconnect dialog, click Next or Close. The app disconnects from the user’s QuickBooks data. The UI refreshes so the user can re-connect if necessary.

What happens next:

  • Your app no longer appears in the My Apps Tab under Apps section of the QuickBooks Online Company under MyApps.
  • The user is redirected to a disconnect landing page within your app.
  • The disconnect landing page is OpenID-enabled
  • The OAuth tokens are invalidated and data service calls cannot be made.

What your app needs to do:

  • The Connect to QuickBooks button appears.
  • The Disconnect link is hidden.

Warning

Warning

If you’re using your development environment to test the disconnect, you see a Close button instead of Next. Click the Close button and wait for the App listing page to refresh (removing your application). Then manually navigate to the disconnect URL you specified for the development instance of your application.

Note

Note

If there are multiple QuickBooks Online companies associated with the User ID, you would be prompted with a Company Picker Page.

Section 5: Interaction with the QuickBooks app store (Not using Intuit SSO)
This section applies only to apps that do not implement Intuit single sign-on.
5.1: Learn More button

Implement the Learn More button in place of Get app now on your app’s List on App store settings page.


The URL should lead to a page with an app descriptions, how-tos about your app, and information on how it integrates with QuickBooks Online.

5.2: Launch URL
The launch URL should be set to your app’s login page.
5.3: Disconnect from App store
Your app can be disconnected from within the QuickBooks App store. The Disconnect URL should be a static page which informs the user that their QuickBooks connection has been terminated and provides instructions on how to reconnect to QuickBooks.
Section 6: Accountant-ready apps

This section applies only to apps that are intended for use with the QuickBooks Online Accountant. See Make your app accountant ready for details.

You don’t need to have QuickBooks Online Accountant in order to create and test apps intended for it. To be accepted, your app needs to support three use cases:

Note

Note

Your app must support Intuit single sign-on in order to appear in the QuickBooks Online Accountant apps tab.

To create the testing environment:


  1. Create two QuickBooks Online companies (Company A and Company B) using the same Intuit user account. (If you create a trial company, please select “Sign in” instead of “Create account” on the first page.) Then test with the following steps.
  2. Test GetAppNow for Company A
  1. Log into Company A.
  2. Subscribe to your app from the apps tab. If your app is not already published, you can use the following link for this test: https://appcenter.intuit.com/app/connect/oauth2/request?appId=<appId> (where appId can be found in the Production tab of your app settings in https://developer.intuit.com).
  3. The user should land in your app under the context of Company A with QuickBooks Online connection established.
  4. Log out.
  1. Test launching from Company A
  1. Log into Company A.
  2. Launch your app from the Apps tab.
  3. The user should land in your app under the context of Company A.
  4. Log out.
  1. Test disconnecting from Company A
  1. Log into Company A.
  2. Disconnect your app from the apps tab.
  3. The user should land in your app under the context of Company A.
  4. Log out.
  1. Test GetAppNow for Company B
  1. Log into Company B.
  2. Subscribe to your app from the apps tab. If your app is not already published, you can use the following link for this test: https://appcenter.intuit.com/app/connect/oauth2/request?appId=<appId> (where appId can be found in the Production tab of your app settings in https://developer.intuit.com).
  3. The user should land in your app under the context of Company B with QuickBooks Online connection established.
  4. Log out.
  1. Test launching from Company B
  1. Log into Company B.
  2. Launch your app from the apps tab.
  3. The user should land in your app under the context of Company B.
  4. Log out.
  1. Test disconnecting from Company B
  1. Log into Company B.
  2. Disconnect your app from the apps tab.
  3. The user should land in your app under the context of Company B.
  1. Recommended: Provide a page listing all companies that a given user has connected to your app. This enhances your user’s experience and provides them a convenient way to manage their connections.
  1. Provide a disconnect button for each company listed so the user can easily disconnect companies as needed.
  2. At the bottom of the page, provide a Add new company button, which allows the user to connect additional companies if required. Clicking this button opens the Connect to QuickBooks button:

qbo/docs/list-on-the-app-store/Screen_Shot_2017-12-12_at_11.28.02_AM.png

  1. After connecting the new company, it appears in the listing and the interface refreshes:

qbo/docs/list-on-the-app-store/Screen_Shot_2017-12-12_at_11.29.19_AM.png
Section 7: Regulated industry check
Prior to starting a review, if your app operates in one or more of the following industries, Intuit will perform a review of the business to ensure that the app is compliant to operate in that industry:
  • Lending
  • Insurance
  • Investment / Financial Planning
  • Payments / Money Movement