Authentication and authorization

Your server-side app will use QuickBooks Online OAuth libraries or endpoints to implement the OAuth 2.0 authorization that allows your apps to access QuickBooks Online APIs. OAuth 2.0 lets an application access specified user data without requiring access to a user's private credentials. This means that an application can use OAuth 2.0 to obtain permission from a QuickBooks Company admin to read and write data to their QuickBooks company.

This OAuth 2.0 flow is designed to allow your app to access the QuickBooks Online API whether the user is interacting with the application or not.

Code samples and SDKs

Here are some code samples and SDKs with client libraries that can help you implement OAuth 2.0.  

Client libraries are available for the following languages:

OAuth 2.0 sample integrations included in SDKs: 

Sample OAuth 2.0 implementations that are SDK independent: 

OAuth 1.0 and OAuth 2.0

  • If your developer account created apps before July 17, 2017, any apps created by that account, including future apps and apps under development now, will use OAuth 1.0a and OpenID 2.0. There is no requirement to migrate OAuth 1.0a apps to OAuth 2.0.
  • If your developer account has not created any apps before July 17, 2017, all apps created now by that account will use OAuth 2.0 and OpenID Connect.

The Intuit Developer Group is working on a path to migrate developer accounts' keys from OAuth 1.0a to OAuth 2.0, and to enable all developer accounts to create new apps that use OAuth 2.0. We will notify the community once this path is ready.

Get started

To begin, get your OAuth keys from the Keys tab of your app in your Intuit Developer account. Your app uses these keys to get an access token from the Intuit OAuth service; the token gives access to the QuickBooks company that the admin user authorizes.

The information below helps you to identify which OAuth stack your app is using. 

| Item | OAuth 1.0a | OAuth 2.0 |
|---|---|---|
| Keys | OAuth Consumer Key, OAuth Consumer Secret on app's Keys tab. Note: App Token on Keys tab is unused. | Client ID, Client Secret on app's Keys tab |
| URI to serve OAuth requests | oauth_callback query parameter in get_request_token processing, in your code. | Redirect URI on app's Keys tab |
| URI to serve Intuit Single Sign-On requests | OpenID URL on app's Settings tab | Connect Request URL on app's Settings tab |
| Identity authentication | OpenID 2.0 | OpenID Connect |
| Documentation | OAuth 1.0a integration; OpenID 2.0 integration | OAuth 2.0 integration; OpenID Connect integration |

Side-by-side comparison of OAuth 1.0a and OAuth 2.0 keys tabs. 
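
How the OAuth 2.0 values from the Keys tab (Client ID, Client Secret, Redirect URI) are used on the server side, as an added example that is not Intuit's code or part of the original page. It assumes the standard OAuth 2.0 authorization code flow (RFC 6749); the endpoint URLs are placeholders, and the function names are hypothetical.

```python
import base64
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholders (assumptions): take the real endpoint URLs from Intuit's OAuth 2.0 documentation.
AUTHORIZATION_ENDPOINT = "https://authorization-endpoint.example/oauth2"
TOKEN_ENDPOINT = "https://token-endpoint.example/oauth2/token"


def build_authorization_url(client_id, redirect_uri, scope):
    """Return (url, state). Keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable value that binds the callback to this session
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "scope": scope,
        "redirect_uri": redirect_uri,  # must match the Redirect URI registered on the Keys tab
        "state": state,
    })
    return f"{AUTHORIZATION_ENDPOINT}?{query}", state


def parse_callback(callback_url, expected_state):
    """Validate the redirect back to the app and return the authorization code."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise PermissionError(f"authorization denied: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # Constant-time compare; a mismatch means this session did not start the request (CSRF).
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("missing authorization code")
    return code


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Return (url, headers, body) for the code-for-token exchange, sent server-side over TLS."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",  # the Client Secret never reaches the browser
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri})
    return TOKEN_ENDPOINT, headers, body
```

Load the Client Secret from a secrets store or environment variable rather than source control, and reject any callback whose state does not match before exchanging the code.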

