Establishing a Connection
Authenticating to QuickBooks Online
QuickBooks Online uses the OAuth authentication standard. When you connect, the provider opens the OAuth endpoint in your default browser. Simply log in and grant permissions to the application. The provider then completes the OAuth process.
Alternatively, you can create an app to obtain the OAuthClientId, OAuthClientSecret, and CallbackURL connection properties.
Creating a Custom OAuth App
Intuit uses the OAuth authentication standard. OAuth requires the authenticating user to interact with QuickBooks Online using the browser. Follow the steps below to obtain the OAuth values.
Authenticate to QuickBooks Online in a Desktop ApplicationAfter setting the following connection properties, you are ready to connect:
The provider is already registered as an OAuth application with QuickBooks Online and has embedded OAuth credentials. If you wish to create your own OAuth app.
- OAuthClientId: Leave this blank to use the embedded credentials, otherwise use the consumer key in your app settings.
- OAuthClientSecret: Leave this blank to use the embedded credentials, otherwise use the consumer secret in your app settings.
- CallbackURL: Leave this blank to use the embedded credentials, otherwise use the Launch URL in your app settings.
- OAuthVersion: Set the OAuth version.
- InitiateOAuth: Set this to GETANDREFRESH. You can use InitiateOAuth to avoid repeating the OAuth exchange and manually setting the OAuthAccessToken and OAuthAccessTokenSecret in case of OAuth 1.0, or OAuthAccessToken in case of OAuth 2.0.
- Extracts the access token from the callback URL and authenticates requests.
- Refreshes the access token when it expires.
- Saves OAuth values in OAuthSettingsLocation to be persisted across connections.
Authenticate to QuickBooks Online in a Web Application
If you are connecting via a Web application, you will need to register your own OAuth app with QuickBooks Online.
To obtain the access token, set the following connection properties:
- CompanyId: The unique identifier of a given company in QuickBooks Online.
- OAuthClientId: The consumer key in your app settings.
- OAuthClientSecret: The consumer secret in your app settings.
- CallbackURL: The Launch URL in your app settings.
- OAuthVersion: Set the OAuth version.
Customizing the SSL Configuration
By default, the provider attempts to negotiate SSL/TLS by checking the server's certificate against the system's trusted certificate store. To specify another certificate, see the SSLServerCert property for the available formats to do so.
Connecting Through a Firewall or Proxy
To connect through the Windows system proxy, you do not need to set any additional connection properties. To connect to other proxies, set ProxyAutoDetect to false.
In addition, to authenticate to an HTTP proxy, set ProxyAuthScheme, ProxyUser, and ProxyPassword, in addition to ProxyServer and ProxyPort.
Set the following properties:
- To use a proxy-based firewall, set FirewallType, FirewallServer, and FirewallPort.
- To tunnel the connection, set FirewallType to TUNNEL.
- To authenticate, specify FirewallUser and FirewallPassword.
- To authenticate to a SOCKS proxy, additionally set FirewallType to SOCKS5.
Troubleshooting the Connection
To show provider activity from query execution to network traffic, use Logfile and Verbosity. The examples of common connection errors below show how to use these properties to get more context. Contact the support team for help tracing the source of an error or circumventing a performance issue.
- Authentication errors: Typically, recording a Logfile at Verbosity 4 is necessary to get full details on an authentication error.
- Queries time out: A server that takes too long to respond will exceed the provider's client-side timeout. Often, setting the Timeout property to a higher value will avoid a connection error. Another option is to disable the timeout by setting the property to 0. Setting Verbosity to 2 will show where the time is being spent.
- The certificate presented by the server cannot be validated: This error indicates that the provider cannot validate the server's certificate through the chain of trust. If you are using a self-signed certificate, there is only one certificate in the chain.
To resolve this error, you must verify yourself that the certificate can be trusted and specify to the provider that you trust the certificate. One way you can specify that you trust a certificate is to add the certificate to the trusted system store; another is to set SSLServerCert.