Apps must meet these requirements before they will be published.
Apps published on the QuickBooks app store must not only meet these requirements at the time of publication, but continuously after publishing. Intuit checks all apps annually to ensure that they still meet the technical and security standards required.
The average estimated time it should take for your app to complete technical review is about 20 days. This can vary if issues are found in your app during the review process.
Section 1: UI components
These requirements involve parts of your app that are displayed to users.
To allow the customer to connect to their QuickBooks company from within your app, present the Connect to QuickBooks button in an area where users can manage their accounting software connections, as shown in the images below. This button shows in the app prior to connection, and is hidden once a connection has been established.
Note: If your application supports OAuth2, your production Redirect URI callback must be a valid SaaS domain. See here for more details.
Widgets/Buttons/Workflows work in Edge, as well as Firefox and Chrome browsers (current versions).
QuickBooks is spelled properly (including capitalization); no abbreviations are permitted.
Section 2: QuickBooks data connection
These requirements detail how your app must initiate, maintain, and re-establish connection with QuickBooks.
The API successfully passes data between your app and QuickBooks Online. Only QuickBooks Online API calls are used to move data.
To speed your review, submit a support ticket outlining the steps you follow to test this requirement. For example:
Once connected through OAuth, the connection is maintained until the user disconnects from QuickBooks. Signing out of an app does not disconnect a company.
A user can disconnect the app from QuickBooks from within your app. There is no mandated Disconnect button or link to use as long as it calls our revoke endpoint (OAuth 2.0) properly. Label that button so it clearly indicates disconnect from QuickBooks; for example, Disconnect from QuickBooks.
These requirements detail how your app must use OpenID to implement the Sign in with Intuit button.
This section is not required for apps that don’t use Intuit Single Sign-On.
Your app must use the OpenID claimed identity, and must not use the OpenID email address, when creating an association between your app’s user and Intuit’s OpenID in your database. During subsequent logins, your app must match the OpenID claimed identifier sent by Intuit against what you have associated with your user, to allow the user to gain access to your app. Storing and matching OpenID email address is insecure.
Your app must establish the association between Intuit OpenID and your user, only after the user has been securely authenticated into your app, by password prompt or otherwise. This ensures your user is explicitly allowing the OpenID association to give access to your app.
The Sign in with Intuit button appears on all app sign-in pages and is displayed properly. When clicked, it launches the Intuit OpenID sign-in page. Here is an example where the button appears on the app sign-in page:
A new unknown user who clicks Sign in with Intuit signs in only to the app, without executing OAuth.
Have a workflow/wizard to recognize this customer and offer the ability to either link an existing account or create a new account for your app. Then inform the user that the app is not connected to their QuickBooks data and show the Connect to QuickBooks button.
An existing connected user who clicks Sign in with Intuit is taken into the app and data service calls work.
Caution: If the user already exists in your database but its Intuit identity has not been established before, initiate an application session for that user only after prompting the user to enter their password prior to linking the Intuit identity to their existing account.
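The association rules in this section, as an added example that is not part of Intuit's documentation or SDK: sign-in resolves only the stored OpenID claimed identifier, and linking requires the app's own password check first. AccountStore, its methods and the sample identifiers are hypothetical names constructed for illustration.

```python
import hashlib
import hmac
import os

class AccountStore:
    """In-memory stand-in for the app's user database (hypothetical)."""
    def __init__(self):
        self.users = {}           # username -> (salt, password hash)
        self.identity_links = {}  # OpenID claimed identifier -> username

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, self._hash(password, salt))

    def verify_password(self, username, password):
        if username not in self.users:
            return False
        salt, stored = self.users[username]
        return hmac.compare_digest(stored, self._hash(password, salt))

    def sign_in_with_intuit(self, claimed_id, email):
        # Email claim is ignored: only the stored claimed identifier opens a session.
        return self.identity_links.get(claimed_id)

    def link_identity(self, claimed_id, username, password):
        # Associate only after the user has authenticated to the app itself.
        if not self.verify_password(username, password):
            return False
        if self.identity_links.get(claimed_id, username) != username:
            return False  # identifier already bound to a different account
        self.identity_links[claimed_id] = username
        return True

def demo():
    store = AccountStore()
    store.add_user("alice", "correct horse")  # constructed sample account
    cid = "https://openid.example/id/A1"       # constructed claimed identifier
    return {
        "before_link": store.sign_in_with_intuit(cid, "alice@example.com"),
        "bad_password": store.link_identity(cid, "alice", "guess"),
        "linked": store.link_identity(cid, "alice", "correct horse"),
        "after_link": store.sign_in_with_intuit(cid, "new@example.com"),
        "other_id_same_email": store.sign_in_with_intuit(
            "https://openid.example/id/B2", "alice@example.com"),
    }
```

A different identifier presenting the same email address gets no session, and a changed email on the linked identifier does not break sign-in.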
Section 4: Interaction with the QuickBooks app store
These steps define how your app experience allows the user to navigate the QuickBooks app store.
The user can interact with your app through the Apps tab in QuickBooks Online. This tab can also be reached by clicking My apps after logging in to the QuickBooks app store.
There are four actions available:
This section is not required for apps that don’t use Intuit Single Sign-On.
On the QuickBooks app store, a new user can sign up for a free trial of your app by clicking the Get app now button.
Make sure you’re not currently signed in to the QuickBooks app store:
Navigate and test the Test Get App Now link for your app via your app’s List on the app store section.
On the Intuit OpenID sign-in page, type the user name and password for an existing Intuit account that is NOT currently connected to your app.
If prompted, choose QuickBooks Desktop or QuickBooks Online.
If prompted, choose a company.
Click the Authorize button. The user starts their free trial and lands on the page of your app that shows their integrated QuickBooks data, or a message about the integration. Detailed requirements:
If a user is signed in to the QuickBooks app store but not signed in to your app, the user can sign in to your app without being asked for credentials.
If the user has not signed out of your app or the QuickBooks app store, your app should launch from the QuickBooks app store without asking for credentials.
A user can disconnect your app’s access to their QuickBooks account from the QuickBooks app store.
Make sure you’re NOT currently signed in to your app:
Go to MyApps.
You are redirected to the QuickBooks Online company’s My Apps tab under the Apps section.
From the My Apps tab, locate your app and click the Disconnect link.
From the Confirm Disconnect dialog, click the Yes, Disconnect App button.
On the Confirm Disconnect dialog, click Next or Close. The app disconnects from the user’s QuickBooks data. The UI refreshes so the user can re-connect if necessary.
What happens next:
What your app needs to do:
If you’re using your development environment to test the disconnect, you see a Close button instead of Next. Click the Close button and wait for the App listing page to refresh (removing your application). Then manually navigate to the disconnect URL you specified for the development instance of your application.
If there are multiple QuickBooks Online companies associated with the User ID, you are prompted with a Company Picker page. To look up apps under your sandbox QuickBooks Online account, navigate to Manage Sandbox Companies on the Developer Portal and select the sandbox QuickBooks Online company; you should then be able to see the apps on the My Apps tab under the Apps section.
Section 5: Apps without single sign-on
This section applies only to apps that do not implement Intuit single sign-on.
Section 6: Accountant-ready apps
This section applies only to apps that are intended for use with the QuickBooks Online Accountant apps tab. See here for additional details.
You don’t need to have QuickBooks Online Accountant in order to create and test apps intended for it. To be accepted, your app needs to support three use cases:
Your app must support Intuit single sign-on in order to appear in the QuickBooks Online Accountant apps tab.
To create the testing environment, create two QuickBooks Online companies (Company A and Company B) using the same Intuit user account. (If you create a trial company, please select “Sign in” instead of “Create account” on the first page.) Then test with the following steps.
Recommended: provide a page listing all companies that a given user has connected to your app. This enhances your user’s experience and provides them a convenient way to manage their connections.
Provide a disconnect button for each company listing so the user can easily disconnect companies as needed.
At the bottom of the page, provide an Add new company button, which allows the user to connect additional companies if required. Clicking this button opens the Connect to QuickBooks button:
After connecting the new company, it appears in the listing and the interface refreshes:
Section 7: Regulated Industries Check
Prior to starting a review, if your app operates in one or more of the following industries, Intuit will perform a review of the business to ensure that the app is compliant to operate in that industry: