QuickBooks: Answers to questions

Details about the app

App URLs

Categorize your app

  • Select only: Sales, Invoicing and Customer Management

Tell us about regulated industries that use your app

  • None of the above

Where is your app hosted

  • Country: United States of America
  • IP Address (range): from 0.0.0.0 to 255.255.255.255

Countries you accept connections from:

  • Keep selected all of them

App assessment questionnaire

General Questions
  1. Has your company ever received any complaints, lawsuits, or investigative requests from regulatory authorities or government agencies?
    No
  2. Have you worked with legal counsel to understand any regulatory requirements or other considerations related to your business activities and use of user data?
    No

  3. Have you reviewed and confirmed that you will comply with the security policies found here?
    Yes, I confirm that my app will comply with the security policies found above.

  4. Apps that use Intuit APIs (whether public or private) need to be relevant and clearly related to QuickBooks, accounting, payments, workflows, finance, and other acceptable uses. Is your app designed for either of the following: to enhance, streamline, or improve yours or others’ QuickBooks experience; to facilitate a business process (e.g. syncing QBO data to another service)
    Yes

  5. Will your app use QuickBooks customer data for any purposes other than to provide products and services to small business customers?
    No

  6. Are you or any of your representatives (including owners, affiliated parties, associated parties or any beneficiaries): (i) on any sanctions lists in the countries available in the app store or (ii) doing business in any of the US embargoed countries (which includes the Crimea region of Ukraine, North Korea, Iran, Cuba, and the Syrian Arab Republic)?
    No

  7. Does your app include any functionality involving any of the following regulated services? Chosen:
    None of the below

App Information
  1. Which of the following is true about your app (at least one option must be checked):
    You were asked to create this app in order to get credentials/keys to be used on another platform that integrates with QuickBooks

Provide a link to the instructions that told you to create a new app:

Authorization and Authentication
  1. Have you tested connecting, disconnecting, and reconnecting your app with a sandbox or non-production company?
    Yes
  2. How often does your app refresh access tokens?
    Only when access tokens expire

  3. Does your app retry authorization and authentication requests that have failed?
    Yes

  4. If your app encounters an authorization and authentication error, do you ask customers to reconnect to your app?
    Yes

  5. Did you use the Intuit discovery document to get the latest endpoints required in the OAuth2.0 flow?
    Yes

  6. Can your app handle the following scenarios (yes/no):
    a. Errors due to expired access tokens
    Yes

    b. Errors due to expired refresh tokens
    Yes
    c. Invalid grant errors
    Yes
    d. CSRF errors
    Yes

  7. Does your app rely on the OAuth playground or other offline tools to get access or refresh tokens?
    Yes

API Usage
  1. Which of the broad API categories does your app use? (multiple choice) Chosen:
    Accounting API
  2. How often does your app call our APIs for each customer? (multiple choice) Chosen:
    Only on-demand during customer interactions with your app

Accounting API
  1. Which customer-facing version of QuickBooks Online is your app designed for? (Select all that apply) Chosen:
    Simple Start
    Essentials
    Plus
    Advanced
  2. Users often change versions of QuickBooks Online. This means they may get access to new features, or lose certain features, at any time. Can your app handle situations where users gain or lose access to version-specific features?
    Yes

  3. Tell us how you plan to handle this situation:

    We actively monitor new versions of QuickBooks online and respond promptly to any version changes. We also provide support at the request of our customers.

  4. Does your app utilize any of the following features? (Select all that you've verified and thoroughly tested) Chosen:
    Sales tax - For QuickBooks companies in the United States
    Sales tax - For QuickBooks companies outside of the United States
    Multicurrency

  5. Do you use webhooks for your app?
    Yes

  6. Is the endpoint URL active and functional?
    Yes

  7. Do you use the CDC operation for your app?
    No

Error Handling
  1. Have you tested if your app can handle API errors, including syntax and validation errors?
    Yes
  2. Does your app capture the value of the intuit_tid field from response headers?
    Yes

  3. Does your app have a mechanism for storing all error information in logs that can be shared for troubleshooting purposes, if required?
    Yes

  4. Do you provide a way for customers to contact you for support from within your app?
    Yes

  5. How?

Security
  1. Has your company ever had a security breach that required notification to customers or government agencies/authorities?
    No
  2. Do you have a security team that regularly assesses vulnerabilities and risks for your app?
    Yes

  3. Are the client ID and client secret for your app stored securely (i.e. not hardcoded within your app or displayed in browser console logs)?
    Yes

  4. Does your app use multi-factor authentication?
    No

  5. Does your app use Captcha for authentication?
    No

  6. Does your app use WebSocket?
    Yes

  7. Once a customer's Intuit data is in your system, do you allow it to be used by or shown to anyone other than that customer?
    No, all Intuit customer data processed by our app is only used for the benefit of the original customer

After you submit the answers, you need to wait a bit before QuickBooks approves your submission.