What’s QuickBooks?
QuickBooks is Intuit’s accounting software that owns the small business market because it’s cheaper than everything else, and your accountant already knows it. There’s QuickBooks Online (cloud) and QuickBooks Desktop. Most businesses use it until they hit about $10M revenue, then graduate to something that doesn’t crash during month-end close. You’re here because you need to sync data between QuickBooks and your app. Here’s how to get API access without reading Intuit’s 500-page documentation.
Prerequisites
- QuickBooks Online account (Desktop API is different hell entirely)
- Intuit Developer account (free but annoying)
- Know if you’re building for one company or many.
Step 1: Create an Intuit Developer Account
Go to https://developer.intuit.com and sign up. Use an email you’ll still have access to in 2 years when something breaks.
Step 2: Create Your App
Dashboard → Create an app
Pick your platform:
- QuickBooks Online: What 90% of you want
- Payments: For processing credit cards
- Don’t pick both unless you need both
Name your app something memorable. You’ll have 50 test apps eventually.
Step 3: Get Your Credentials
Your app dashboard shows:
- Client ID: Public identifier for your app
- Client Secret: Click “Show” and copy it somewhere secure
Development vs Production:
- Development: For testing, works with sandbox companies
- Production: For real data, requires app assessment (yes, really)
Both have different keys. Don’t mix them up.
Step 4: Set OAuth Settings
In your app settings → Redirect URIs
Add your callback URLs:
- Development: http://localhost:8080/callback
- Production: https://yourapp.com/auth/quickbooks/callback
Must be HTTPS in production. No exceptions.
Step 5: Configure Scopes
Settings → Scopes
Common ones you’ll need:
- com.intuit.quickbooks.accounting: Read/write all accounting data
- com.intuit.quickbooks.payment: Process payments
- openid: Get user info
- email: User’s email address
- profile: User’s profile info
- phone: Nobody uses this
Pick the minimum. Users see these on the consent screen and get paranoid.
Step 6: Connect to a Company
For Development:
- Create a sandbox company (Dashboard → Sandbox)
- Use “Connect to QuickBooks” button with your sandbox
- Authorize the connection
- Get your authorization code
For Production:
- Complete app assessment (more on this below)
- Same OAuth flow but with real companies
- Get authorization code
- Exchange for tokens
Step 7: Token Management
You get:
- Access token: Dies in 60 minutes
- Refresh token: Good for 100 days (but refresh it every 50 to be safe)
- Company ID (realmId): Need this for every API call
Miss the 100-day refresh window? User has to reauthorize. Your customers will love that.
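A sketch of the refresh schedule described above, added here as an example and not Intuit's or Apideck's code. The `Connection` record, the function names and the 5-minute skew are assumptions; the token endpoint URL comes from Intuit's OAuth 2.0 documentation rather than this guide, and no request is actually sent.

```python
import base64
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlencode

# Lifetimes as stated in this guide.
ACCESS_TTL = timedelta(minutes=60)
REFRESH_TTL = timedelta(days=100)
ROTATE_AFTER = timedelta(days=50)
SKEW = timedelta(minutes=5)  # assumption: renew slightly before expiry

# Intuit's OAuth 2.0 token endpoint (from Intuit's docs, not from this guide).
TOKEN_URL = "https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer"

@dataclass
class Connection:  # hypothetical record, one per connected company
    realm_id: str
    access_issued: datetime
    refresh_issued: datetime  # last time a refresh call succeeded

def next_action(conn: Connection, now: datetime) -> str:
    """Return 'reauthorize', 'refresh' or 'use' for this connection."""
    refresh_age = now - conn.refresh_issued
    if refresh_age >= REFRESH_TTL:
        return "reauthorize"  # window missed: the user must consent again
    if refresh_age >= ROTATE_AFTER:
        return "refresh"      # idle connection: renew at day 50
    if now - conn.access_issued >= ACCESS_TTL - SKEW:
        return "refresh"      # access token expired or about to expire
    return "use"

def build_refresh_request(client_id: str, client_secret: str, refresh_token: str):
    """Build (url, headers, body) for the refresh call; nothing is sent."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    body = urlencode({"grant_type": "refresh_token", "refresh_token": refresh_token})
    return TOKEN_URL, headers, body

def apply_refresh(conn: Connection, now: datetime) -> Connection:
    """After a successful refresh both clocks restart. Persist the refresh
    token from the response too, in case it differs from the one sent."""
    return Connection(conn.realm_id, access_issued=now, refresh_issued=now)
```

Run `next_action` from a daily job over every stored connection, not only on the request path, so idle companies are renewed at day 50 instead of being discovered expired.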
The Production App Assessment Nightmare
Before touching real data, Intuit requires:
1. Security questionnaire
2. App description and use case
3. Sometimes a demo call
4. 1-2 week wait
Just answer their questions. Fighting it wastes more time.
Common Screwups to Avoid
- Sandbox vs Production Confusion: Different base URLs
  - Production: https://quickbooks.api.intuit.com
- Token Refresh Amnesia: That 100-day limit is real. Day 101 = reauthorization. Set up automated refresh at day 50.
- Rate Limits:
  - 500 requests per minute per company
  - 40 concurrent requests max
  - Batch operations count as one request (use them)
- Webhook Verification: If using webhooks, you MUST verify the signature or Intuit disables them. No exceptions.
- Minor Version Hell: API responses change based on minor version. Set it explicitly in headers or enjoy random breaking changes.
- Company ID Mix-ups: Each QuickBooks company has a unique ID. Using the wrong one = 401 errors.
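For the webhook verification item above, an added example (not from the original guide or from Intuit) of checking the signature before the payload is parsed. It relies on Intuit's documented scheme: an HMAC-SHA256 of the raw request body keyed with your app's verifier token, base64-encoded in the `intuit-signature` header. The function names, token and payload are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

def verify_intuit_signature(raw_body: bytes, signature_header, verifier_token: str) -> bool:
    """Return True only if the header carries a valid HMAC-SHA256 of raw_body."""
    if not signature_header:
        return False  # missing header: reject, never fall through
    try:
        received = base64.b64decode(signature_header, validate=True)
    except (binascii.Error, ValueError):
        return False  # not valid base64
    expected = hmac.new(verifier_token.encode(), raw_body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(received, expected)

def sign(raw_body: bytes, verifier_token: str) -> str:
    """Sender-side computation, used here only to build a sample header."""
    mac = hmac.new(verifier_token.encode(), raw_body, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

# Constructed sample values, not real credentials or real company data.
SAMPLE_TOKEN = "constructed-verifier-token"
SAMPLE_BODY = (
    b'{"eventNotifications":[{"realmId":"1234567890","dataChangeEvent":'
    b'{"entities":[{"name":"Customer","id":"1","operation":"Create"}]}}]}'
)

def demo() -> dict:
    good = sign(SAMPLE_BODY, SAMPLE_TOKEN)
    return {
        "valid": verify_intuit_signature(SAMPLE_BODY, good, SAMPLE_TOKEN),
        "tampered_body": verify_intuit_signature(SAMPLE_BODY + b" ", good, SAMPLE_TOKEN),
        "missing_header": verify_intuit_signature(SAMPLE_BODY, None, SAMPLE_TOKEN),
        "garbage_header": verify_intuit_signature(SAMPLE_BODY, "not base64!", SAMPLE_TOKEN),
    }

if __name__ == "__main__":
    print(demo())
```

Pass the bytes exactly as received: re-serializing parsed JSON changes whitespace or key order and makes valid signatures fail.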
API Limits That Will Annoy You
- Invoices: 5000 line items max (who has that many?)
- Customers: 15000 max (then what?)
- API response: 1000 records per page
- Batch operations: 30 items per request
- Report date ranges: 1 year max
The Disconnect Problem
QuickBooks forces reauthorization if:
- No API calls for 100 days
- User revokes access in QuickBooks
- Intuit decides your app is suspicious
- Payment fails on QuickBooks subscription
Build reconnection flows now, not when customers are screaming.
What You Actually Need to Know
- Accounting API: Full CRUD on all objects - invoices, customers, payments, everything
- Reports API: Read-only financial reports (P&L, Balance Sheet, etc.)
- Webhooks: Real-time notifications (when they work)
- Batch API: Send multiple operations in one request (use this for bulk operations)
QuickBooks Desktop Note
Still need Desktop? Different API, different auth (OAuth 1.0), requires QuickBooks Desktop running, and Intuit wants it dead. Only use if forced at gunpoint. You can read our guide here about QuickBooks Desktop API.
Testing Without Going Insane
- Use sandbox companies (free, unlimited)
- Sandbox data resets randomly - don’t get attached
- Test with production-like data volumes
- Test token refresh on day 99 (not day 100)
- Test reconnection flows before launch
That’s it. You have QuickBooks API access. Stop reading forums and start building.
Managing QuickBooks API connectivity with Apideck's Vault
If you want to integrate with QuickBooks and other accounting systems, managing API connections can be challenging. You can use Apideck to connect to accounting applications. Apideck's Vault allows for:
- Secure credential storage with automatic token refresh - No need to build token management infrastructure or handle OAuth flows manually.
- Pre-built authentication UI - Embedded Vault components handle credential input and OAuth authorization without custom UI development.
- Centralized connection monitoring - Track connection states, validate credentials, and manage multiple accounting platforms from a single dashboard.
And here's how you can easily connect and manage permissions for your API Access.
