In this instruction blog, we will describe how to create OAuth 2.0 API keys in your QuickBooks account. These API keys are necessary in order to make API calls from ERPAG via Blockly scripts. The instructions show how the process itself currently looks. If in the meantime the design of the website we are describing changes, follow the steps described in the QuickBooks documentation. In essence, regardless of possible website design changes, the principle remains identical and you will easily find your way and follow this instruction.

Since OAuth 2.0 authorization is a system with almost the highest level of security, receiving API keys is much more complex than standard ones. Therefore it is necessary to follow the next steps:

  • First of all, you need to have a registered QuickBooks account with which you can access your data. This is the account you use to log into the QuickBooks service;
  • With your QuickBooks account log in to the QuickBooks Developer portal;
  • Through the QuickBooks Developer portal create your private application;
  • After creating the private app, fill in the parameters of the application that QuickBooks requires. After this, QuickBooks generates the necessary data (Client ID and Client Secret) for authorizing external applications (ERPAG, in this case).

Working with the QuickBooks Online

Let’s start from the beginning! First, create your QuickBooks online account. Once you have your own Intuit account, log into the developer portal on the following page: https://developer.intuit.com.

sign into quickbooks

After logging in, click on the “Dashboard“ option, as shown on the image below.

quickbooks online dashboard

The following step is creating a private application, by activating the „Create an app“ button.

quickbooks online create an app

Now it is necessary to follow the steps for creating a private app:

quickbooks online select platform

Enter the description (you can enter anything as a description). After that, select which API resources (scope) do you want to access. Finally, click on the „Create app“ button.

quickbooks online steps

After creating the application, you will get a window (pictured below) where you can see the description of your newly-created application. In case you have multiple applications, this is where you will select the wanted one.

quickbooks online applications

As you can see in the picture, you now have the option of individually setting the parameters of the application in two operating modes. The first is Developer Settings, which serves only for testing purposes in the Sandbox environment. Once you are sure that everything is set up and working properly, you can enter the necessary parameters in Production Settings as well.

Click on the “Keys & credentials” option. Here you will find your “Client ID” and “Client Secret” keys. In the “Redirect URIs” section you need to enter the link https://app.erpag.com/oauth2.aspx as shown in the image. You need to save the “Client ID” and “Client Secret” data to enter them in ERPAG later.

quickbooks online keys

Now your private Intuit QuickBooks application is ready for API calls that you will be able to create & call on your own from ERPAG.

Finally, it is necessary to create a new API authorization in ERPAG, with the parameters you just generated on the Intuit QuickBooks developer portal.

Working in ERPAG

Log into ERPAG and activate the option „Administration – Customization“ – „API Authorizations“.

erpag api authorizations

Select „ADD NEW“ – „OAuth 2.0“ option.

erpag add new oauth 2.0

For API calls to QuickBooks, it is necessary to first authorize the application. This means that you have to enter a large number of parameters that you can find on the following website: https://developer.intuit.com/app/developer/qbo/docs/develop/authentication-and-authorization/oauth-2.0.

You will find out that the basic setup of the authorization process itself requires you to study a large documentation. That’s why we at ERPAG have created Templates for several different services. Here you only need to enter two basic data, while the other parameters are filled in automatically. In case you need any modification, you can always correct the offered parameters afterward, but it must be according to the documentation of the service you want to authorize (in this case, QuickBooks).

By entering the “API authorization” form, go to “Template” and activate the „QuickBooks“ option as shown in the image.

erpag select qbo template

Entering Client ID and Client secret

Now it’s required to enter „Client ID“ and „Client Secret“ from QuickBooks. At the end, confirm the import.

erpag enter qbo keys

After import confirmation all required parameters will be automatically set up. Save the document.

erpag api authorization

As you can see from the picture, the document status is “NOT AUTHORIZED”. This means that we only entered the parameters, but the application is still not authorized. Now you need to activate the “Get a new Access Token” option to finally allow access to your QuickBooks online API service.

erpag get new access token

By activating the “Get a new Access Token” option you are starting the process of connecting ERPAG with QuickBooks through the OAuth 2.0 protocol, which requires you to log in to your QuickBooks account and allow access to your QuickBooks company.

After successful authorization, the status will be “AUTHORIZED”. If some of the input parameters are incorrect or you have quit the authorization, the status can be “AUTHORIZATION ERROR”.

erpag authorization status

Successful authorization considers that ERPAG received an authorization token and refresh token from QuickBooks, which looks as follows:

{
    "access_token": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiZGlyIn0..tlAtZrCQqHxDF6X00qEmQ.3UAi3bfKEix1lBwab8nqt9AbRxcZsyhci1wtCYVeFhj802NWqGhT_0s39JamHpf3pR84jOVPqdcuI5s7aBAWoTeUucgnEWouHJ_sRaqumdKzmsgQ47_sIPC0_ZNMfIgGVX8Pd33uJTXqHTYUZpTSof0s4x76ZjnQuLkuuckZdtGywCAUvjKKCQoUtkJLNC1mhT7pqROHq67E9j0qx_EKBNj0JerXfnqOjJxsMoE0LlHwBCw04q2VJNdFfsQxuMwxmEKC8sIjtoXY30akyFNFodMZXL_HIcKLPjc2vyO_hDlV1SSRMDN1dEDaKiONiTd5gO8PqLWR78FETtoq8Tpq12C9fxoZLDpgEk6QIMOWiYMJOAR6rnxWQgGzRz86BIlrsj6i94zxp7wpNA",
    "token_type": "bearer",
    "x_refresh_token_expires_in": 8726400,
    "id_token": "DIwMTQiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIzNTM3MGQ2Mi1jOGFkLTMzZjctYmEwZi04OTMxNjYyYjQ4ZGUiLCJhdWQiOlsiQUJPWVlRbk1SNHhuTmFxVUtPOVNGeFlkVXFLakZDUzdodEIwb3lOdGFpNENBaE1BcFoiXSwicmVhbG1pZCI6IjE5MzUxNDY0ODE4MzkwNCIsImF1dGhfdGltZSI6MTcxNDA0MjkyNSwiaXNzIjoiaHR0cHM6XC9cL29hdXRoLnBsYXRmb3JtLmludHVpdC5jb21cL29wXC92MSIsImV4cCI6MTcxNDA1MjU2MCwiaWF0IjoxNzE0MDQ4OTYwfQ.BmTKFjOR1URDv",
    "refresh_token": "AB1134ue634772360fdkn09HBzzJbh8987II55p5AnM2f",
    "expires_in": 3600,
    "realmId": "123456789012345"
}

The received access token is stored by ERPAG in your database. You can use it through Blockly scripts to make new API calls to QuickBooks according to your needs. Since the received token has a limited duration (expires_in in seconds) and if the token has expired, ERPAG will use the refresh token data to automatically receive a new access token. However, QuickBooks authorization is limited to a maximum of 100 days, meaning the refresh token expires after 100 days. In that case, ERPAG will not be able to automatically get a new access token, but you will have to click the “Get a new Access Token” button in ERPAG every 100 days to reauthorize.

Start NOW

Read More

Related Posts

How Great Inventory Software Can Help Fight Inflation

In today's rapidly fluctuating economy, businesses face the daunting challenge of fighting inflation. Rising costs can erode profits and disrupt operations, making it essential to adopt strategies that mitigate these impacts. One powerful tool in this battle is...

read more
​ERPAG API – Xero OAuth 2.0 authorization

​ERPAG API – Xero OAuth 2.0 authorization

In this instruction blog, we will describe how to create OAuth 2.0 API keys on your Xero account. These API keys are necessary in order to make API calls from ERPAG via Blockly scripts. The instructions show how the process itself currently looks. If in the meantime...

read more
​ERPAG API – Ecwid OAuth 2.0 authorization

​ERPAG API – Ecwid OAuth 2.0 authorization

This instruction blog will describe how to create OAuth 2.0 API keys on your Ecwid account. These API keys are necessary to make API calls from ERPAG via Blockly scripts. The instructions show how the process itself currently looks. If in the meantime the design of...

read more