Quickbooks integration with Rails can prove to be quite challenging. It seems the Quickbooks API has undergone significant changes over the years and as a new Quickbooks developer you’ll be using Oauth2 (as opposed to Oauth1).

Previous versions of the API used XML, whereas the current version uses JSON.

The most popular Ruby gem is quickbooks-ruby, however:

Intuit started the v3 API supporting both XML and JSON. However, new v3 API services such as Tax Service will only support JSON. This gem has roots in the v2 API, which was XML only, and hence was constructed supporting XML only.

That said, the Tax Service is supported and other new v3-API-JSON-only services will be supported. Ideally, we would like to fully support JSON for all entities and services for the 1.0.0 release. Please jump in and contribute to help that aim.


def this_is_a_test

The main problem with this gem is that oauth2 is currently not supported, however, it should be merged soon: quickbooks-ruby/issues/389

I think the oauth2 branch of quickbooks-ruby will use the oauth2 gem. Whereas the author of qbo_api prefers rack-oauth2

I really won’t bother trying to re-invent the wheel by rolling your own OAuth2 code. That said, the OAuth2 2-legged process is simpler than the 3-legged OAuth 1a process and if you do want to roll your own OAuth2 code take a look at Intuit’s Python example for a good starting point.

As for me, I’ll choose to leverage the Rack-OAuth2 gem as I like its ability to directly set endpoints.


You’re going to need to create a Quickbooks developer account, follow a guide such as: quick-start-quickbooks-online-rest-api-oauth-2-0

Putting it all together:

So I’m going to take parts from:

1. Initiating the authorization request

Initiate the OAuth 2 process by redirecting the user to Intuit’s OAuth 2.0 server. The response is sent to the redirect_uri that you specified in the request.

Sample code:

class QuickbooksController < ApplicationController
    def index

    def authenticate
        session[:state] = SecureRandom.uuid
        client = Quickbooks.new.oauth2_client
        grant_url = client.auth_code.authorize_url(response_type: "code", state: session[:state], scope: "com.intuit.quickbooks.accounting")
        redirect_to grant_url

2. Exchange code for refresh and access tokens

After the app receives the authorization code, it exchanges the authorization code for refresh and access tokens.

3. Refreshing the access token

Access tokens are valid for 3600 seconds (one hour), after which time you need to get a fresh one using the latest refresh_token returned to you from the previous request. When you request a fresh access token, always use the refresh token returned in the most recent token_endpoint response. Your previous refresh tokens expire 24 hours after you receive a new one. If an access_token is not requested during the current refresh_token 100 day lifetime, the refresh_token expires and access to the QuickBooks Online company terminates. As long as it hasn’t expired, the refresh_token can be reset as often as needed within a one year access window from the time the original access_token was generated. Access to the QuickBooks Online company terminates when the current refresh_token expires or at the end of the one year access window from the time the original access_token was generated, whichever is earlier. When access terminates, your app must ask the user to reauthorize the connection.

above taken from various parts of the Quickbooks OAuth 2.0 guide

4. Encryption

Encrypt and store the refresh token and realmId in persistent memory. Encrypt the refresh token with a symmetric algorithm (3DES or AES). AES is preferred. Store your AES key in your app, in a separate configuration file.

5. Moving to production