Updated process to get production keys

Editor’s note: Lisa Rathjens, Shweta Kumar, and Judy Vander Sluis contributed to this blog post.

Intuit® is committed to protecting our customers’ data. We periodically refresh our app compliance criteria to ensure an appropriate level of security and quality for any third-party app that uses our APIs.

In August 2021, we refreshed the platform requirements for apps on our platform. All apps that intend to access production data are required to undergo Intuit’s legal, tech, security, and platform assessment processes. This applies to all apps, whether or not they are listed in the QuickBooks app store. 

You can read more about these requirements in this December 2021 blog post.

What’s changing?

Today, we’re announcing some changes that will make it easier for you to comply with these requirements.

New requests for production keys

Previously, after you developed and tested your app integration, and were ready to go to production, you were asked to provide some details about your company, your app, and its scope before you could access production keys.

Now, we have expanded this required information to include questions pertaining to the legal, technical, and security aspects of your app and your business. This app assessment questionnaire must be submitted successfully before you will be granted access to production keys.

The questionnaire is organized into sections via tabs in a left pane. Click on a tab to see the questions for that section. Anyone who is a member of the app’s “Team” will be able to access, contribute to, save, and submit the questionnaire. Learn more about how to set up a “Team” for your app here. We recommend you work with subject matter experts in your company to answer the questions properly. Typically, it can take 30-40 minutes to complete. Note that if you are unable to answer a specific question and need to do some research, you can Save a partially completed questionnaire and return to it later to finish and Submit.

Once you click on “Start questionnaire”, select the app name from the dropdown box:

Note that the questionnaire is app-specific; you must complete the questionnaire for every app integration for which you request production keys.

In addition to the questionnaire, you are now also required to state where your app is hosted in the “Production Settings” tab. You must specify the country or countries, as well as the IP address(es) associated with your app. If necessary, you can add multiple values in each of these fields.

You also must specify your host domain, launch URL, and disconnect URL. To get more information on these fields please refer to our documentation here.

In most cases, our assessment process is fast. After successfully submitting the questionnaire and providing all other required information, production keys will be unblocked. If not, you’ll be prompted with a request for additional information and next steps. If you are unable to meet our requirements, access to production keys will be blocked.

Existing production apps

If your app already has access to production data, you are still required to provide the new information. When you log in to your app dashboard, you will be prompted with a list of information needed.

Clicking through on each item will bring you to the page to enter the required information.

You will be blocked from accessing your app card or other areas of the dashboard until all the required information has been provided.

Where can I find more information?

Please refer to this FAQs document for other questions and guidance.