ODE to OAuth and Rest API’s and how I love thee – NOT

We always get questions about the Rest API’s and what they return versus what is returned through the SDK requests.

Well, my goal was to find an easy way to test the API’s without much trouble. To test QuickBooks desktop this was fairly easy. Just log in to workplace or your app with the appropriate company file open and in a new browser you could send the request and get a response. You could also do this with Poster and Post the body to the requested URL and you would get an answer.

Of course QuickBooks online wasn’t going to play as nice, so I had to figure out the best way to send the request. In doing so, I came across some great websites that can help make the process go smoother and help with creating OAuth signatures.

Where to begin…. Let’s get the RESTClient installed first. This is a Firefox addon that can be found at https://addons.mozilla.org/En-us/firefox/addon/restclient/. This client works well because it has the ability to add OAuth headers as well as calculating the OAuth signature when sending the request.

Once you get the RESTClient installed and running, it should look something like this:

Great, so now that it is installed and working, let’s move on to configuring it. This process can be used to access both QuickBooks Online (QBO) and QuickBooks Desktop (QBD) data from IDS.

  1. Login to https://workplace.intuit.com
    and select your Intuit Anywhere (IA) application
  2. Select the Development tab and make sure you
    have configured the QBO and/or QBD Data Source section.
  3. Scroll down to the bottom section of this page
    and select the “Test connect to app (OAuth)” link under the Testing Your App


  1. This will bring up the Intuit Anywhere Developer Playground. Select the Connect to QuickBooks button to go through the OAuth flow for authorizing your app to have access to the QuickBooks company data. (Your Consumer Secret key will be filled in.)


  1. Select QBO or QBD depending on how you configured your App above, select company and authorize.




  1. Select App Menu API test from the Post-Connection Interactions section of the screen. (Your Consumer Secret key will be filled in.)


  1. Now for the best part, here are your Consumer and Access Token keys and secret keys needed for signing the OAuth connections. You can also test some of the requests from this screen, but it won’t handle all the data requests, so that is the reason I am using the RESTClient addon. (Your Consumer Secret and Access Token Secret keys will be filled in.)


  1. Select the RESTClient tab from earlier or if you closed it, open a new tab and start the RESTClient.
  2. Select the Headers pull down and select the Custom Header. This will open a window where you will need to add the Content-Type with application/x-www-form-urlencoded as the value.


  1. Select the Authentication pull down and select OAuth. This will open the OAuth window where you will put the keys from the OAuth API Console (Step 7) so that it can automatically update the OAuth
    signature when you make the request. When you select Insert, it will ask you if you want to automatically create a new signature each time. You should select yes. (Make sure to copy the Consumer Secret and Access Token Secret keys.)


  1. You are all done. Oh, you want to see the request work. Me too. I am going to make a call to QBO services and retrieve a customer listing for my realm. The URL is the same as what you would use from
    the docs. https://[baseurl]/[realm]

    1. Go here – http://oauth.googlecode.com/svn/code/javascript/example/signature.html
    2. Enter all the information requested. Yes, a majority of the values are exactly what was used in the RESTClient above except for the timestamp and nonce. (Screen shot below.)
    3. Press the Sign button and there you go. If you captured a request from about using something like Fiddler or Firebug, you can plug in the timestamp and nonce and you should get the exact same signature as was sent from the RESTClient.

Make sure you select Response Body in the response section to see the results.


QBO Rest API’s: https://ipp.developer.intuit.com/0010_Intuit_Partner_Platform/0050_Data_Services/0400_QuickBooks_Online

QBD Rest API’s: https://ipp.developer.intuit.com/0010_Intuit_Partner_Platform/0050_Data_Services/0500_QuickBooks_Windows

There you have it. Just make sure when are going through and authorizing the company that the URL you send in matches the company otherwise you will get an error.

Here is a way to create or verify your implementation of an OAuth signature for your request.


I hope this helps and enjoy.

Other consoles available, but not tested.

REST Console for Chrome: https://chrome.google.com/webstore/detail/cokgbflfommojglbmbpenpphppikmonn

– William Lorfing – IPP Developer Relations

Update – October 10, 2012

It looks like the rest Client is not creating the signature correctly.

Here is how I got it to work correctly:
1. Go to http://oauth.googlecode.com/svn/code/javascript/example/signature.html and enter all the information for the signature.
2. Copy the Authorization header after you have created the signature
3. Go back to the rest client and clear the headers
4. Set the Content-type to application/xml (for create, update and delete)
5. Create a new header Authorization and past the Authorization Header from the googlecode page.

Then you can send the contents to QBO.






7 responses to “ODE to OAuth and Rest API’s and how I love thee – NOT”

  1. cyrus Avatar

    I am in the process of developing a web-based app which is to pull data from qbo and qbd. I’m debating between the sdk and rest api, however i dont need or want to market my app through the marketplace. Can i still use the rest api (intuit data services) or do i need to use sdk?

  2. William Lorfing Avatar
    William Lorfing

    At the present time, you would need to use the SDK.

  3. Anuj Kulkarni Avatar

    What if I have to connect using OAuth to any other service apart from QuickBooks ? How to achieve that ?

  4. mightycpa Avatar

    I want to develop a web service that both queries QBO and enters data too. By web service, I mean that this data would be collected from a third party source, and once authorized to use QB for that particular company, this data would then entered into QBO without any interaction from the user.
    Can I do this?
    Can I get into the App Center too?

  5. Balaji Avatar

    i am getting 401 error when tried from Crome REST API client.Please help me out.

  6. William Lorfing Avatar
    William Lorfing

    It sounds like the signature signing isn’t correct.
    Try using the API explorer and see if it works there. The API explorer is more stable and handles the signature signing better.

  7. Balaji Avatar

    Please post the sample of APEX code to call the Quickbook rest API service and fetch the data.

Leave a Reply

Your email address will not be published. Required fields are marked *