API Docs & Tools Blog Help
ODE to OAuth and Rest API’s and how I love thee – NOT - Intuit Developer Community Blog

September 9, 2012 | William Lorfing

ODE to OAuth and Rest API’s and how I love thee – NOT

We always get questions about the Rest API’s and what they return versus what is returned through the SDK requests.

Well, my goal was to find an easy way to test the API’s without much trouble. To test QuickBooks desktop this was fairly easy. Just log in to workplace or your app with the appropriate company file open and in a new browser you could send the request and get a response. You could also do this with Poster and Post the body to the requested URL and you would get an answer.

Of course QuickBooks online wasn’t going to play as nice, so I had to figure out the best way to send the request. In doing so, I came across some great websites that can help make the process go smoother and help with creating OAuth signatures.

Where to begin…. Let’s get the RESTClient installed first. This is a Firefox addon that can be found at https://addons.mozilla.org/En-us/firefox/addon/restclient/. This client works well because it has the ability to add OAuth headers as well as calculating the OAuth signature when sending the request.

Once you get the RESTClient installed and running, it should look something like this:

Great, so now that it is installed and working, let’s move on to configuring it. This process can be used to access both QuickBooks Online (QBO) and QuickBooks Desktop (QBD) data from IDS.

  1. Login to https://workplace.intuit.com
    and select your Intuit Anywhere (IA) application
  2. Select the Development tab and make sure you
    have configured the QBO and/or QBD Data Source section.
  3. Scroll down to the bottom section of this page
    and select the “Test connect to app (OAuth)” link under the Testing Your App


  1. This will bring up the Intuit Anywhere Developer Playground. Select the Connect to QuickBooks button to go through the OAuth flow for authorizing your app to have access to the QuickBooks company data. (Your Consumer Secret key will be filled in.)


  1. Select QBO or QBD depending on how you configured your App above, select company and authorize.




  1. Select App Menu API test from the Post-Connection Interactions section of the screen. (Your Consumer Secret key will be filled in.)


  1. Now for the best part, here are your Consumer and Access Token keys and secret keys needed for signing the OAuth connections. You can also test some of the requests from this screen, but it won’t handle all the data requests, so that is the reason I am using the RESTClient addon. (Your Consumer Secret and Access Token Secret keys will be filled in.)


  1. Select the RESTClient tab from earlier or if you closed it, open a new tab and start the RESTClient.
  2. Select the Headers pull down and select the Custom Header. This will open a window where you will need to add the Content-Type with application/x-www-form-urlencoded as the value.


  1. Select the Authentication pull down and select OAuth. This will open the OAuth window where you will put the keys from the OAuth API Console (Step 7) so that it can automatically update the OAuth
    signature when you make the request. When you select Insert, it will ask you if you want to automatically create a new signature each time. You should select yes. (Make sure to copy the Consumer Secret and Access Token Secret keys.)


  1. You are all done. Oh, you want to see the request work. Me too. I am going to make a call to QBO services and retrieve a customer listing for my realm. The URL is the same as what you would use from
    the docs. https://[baseurl]/[realm]

    1. Go here – http://oauth.googlecode.com/svn/code/javascript/example/signature.html
    2. Enter all the information requested. Yes, a majority of the values are exactly what was used in the RESTClient above except for the timestamp and nonce. (Screen shot below.)
    3. Press the Sign button and there you go. If you captured a request from about using something like Fiddler or Firebug, you can plug in the timestamp and nonce and you should get the exact same signature as was sent from the RESTClient.

Make sure you select Response Body in the response section to see the results.


QBO Rest API’s: https://ipp.developer.intuit.com/0010_Intuit_Partner_Platform/0050_Data_Services/0400_QuickBooks_Online

QBD Rest API’s: https://ipp.developer.intuit.com/0010_Intuit_Partner_Platform/0050_Data_Services/0500_QuickBooks_Windows

There you have it. Just make sure when are going through and authorizing the company that the URL you send in matches the company otherwise you will get an error.

Here is a way to create or verify your implementation of an OAuth signature for your request.


I hope this helps and enjoy.

Other consoles available, but not tested.

REST Console for Chrome: https://chrome.google.com/webstore/detail/cokgbflfommojglbmbpenpphppikmonn

– William Lorfing – IPP Developer Relations

Update – October 10, 2012

It looks like the rest Client is not creating the signature correctly.

Here is how I got it to work correctly:
1. Go to http://oauth.googlecode.com/svn/code/javascript/example/signature.html and enter all the information for the signature.
2. Copy the Authorization header after you have created the signature
3. Go back to the rest client and clear the headers
4. Set the Content-type to application/xml (for create, update and delete)
5. Create a new header Authorization and past the Authorization Header from the googlecode page.

Then you can send the contents to QBO.


View all
Load more comments