Introduction and Overview - Start here - Index

0) Top-Level Category​

Title: INTUIT DEVELOPER API · QUICKBOOKS
Desc: Everything QuickBooks Online (QBO) for developers: OAuth2, SDKs, webhooks, accounting objects, reporting, sync, multi-tenant security, and AI orchestration.

---

1) Onboarding & Credentials​

Desc: Start here: developer accounts, apps, keys, OAuth scopes, sandbox vs prod.


Thread prefixes (enable for this forum):
[GUIDE], [FAQ], [HELP], [SOLVED], [WARN]


Suggested tags: onboarding, app-creation, client-id, client-secret, redirect-uri, scopes, sandbox


Sticky 1 — [GUIDE] Quick Start: Create Your Intuit App (Step-By-Step)

1. Make/verify Intuit Developer account
2. Create an app → note Client ID/Secret
3. Add Redirect URI(s)
4. Enable QuickBooks Accounting scope(s)
5. Turn on Sandbox company
6. Save keys securely (secrets vault)
7. Test OAuth “Sign in with Intuit” flow
8. Connect Sandbox company (realmId)
9. Capture tokens; store with encryption + expiry
10. Post your success screenshot here

Sticky 2 — [FAQ] Common Setup Pitfalls

1. “Invalid redirect URI” → exact match required
2. “Missing scopes” → add com.intuit.quickbooks.accounting
3. “No realmId” after connect → user must pick a company
4. Sandbox rate limits → see forum #9
5. Rotate secrets quarterly; update CI/CD

---

2) OAuth2 & Identity​

Desc: Authorization code flow, token storage/refresh, multi-company linking.


Prefixes:

, [SECURITY], [HOWTO], [SOLVED]
[B]Tags:[/B] oauth2, refresh-token, access-token, realmId, PKCE, rotation


[B]Sticky — [SECURITY] Token Handling Blueprint[/B]


[LIST=1]
[*]Encrypt at rest (AES-256 + DPAPI/KMS)
[*]Store: access_token, refresh_token, expires_at, realmId, userId
[*]Refresh proactively at T-300s before expiry
[*]Per-tenant vaulting for multi-LLC
[*]Log token events (no secrets in logs)
[*]Revoke on member offboarding
[*]Back-channel rotate secrets monthly
[/LIST]

[B]Template — Bug Report (Copy/Paste):[/B]


[LIST=1]
[*]SDK/Language:
[*]Error text/code:
[*]Step where it fails:
[*]Last 20 lines of sanitized logs:
[*]What you expected vs saw:
[/LIST]

[HR][/HR]

[HEADING=2]3) SDKs & Libraries[/HEADING]

[B]Desc:[/B] Official/3P SDK usage (.NET, Node, Python, Java, PHP), raw REST.


[B]Prefixes:[/B] [DOTNET], [NODE], [PY], [JAVA], [PHP], [REST]
[B]Tags:[/B] Intuit.Ipp, QBO v3, HttpClient, axios, requests


[B]Sticky — [REST] Minimal Request Pattern[/B]


[LIST=1]
[*]Compose Authorization: Bearer {access_token}
[*]Base: https://quickbooks.api.intuit.com/v3/company/{realmId}/
[*]Accept: application/json
[*]Throttle retries (429 backoff)
[*]Correlate requests with x-request-id
[/LIST]

[HR][/HR]

[HEADING=2]4) Webhooks & Eventing[/HEADING]

[B]Desc:[/B] Subscriptions, signature verification, retries, idempotency.


[B]Prefixes:[/B] [WEBHOOK], [VERIFY], [RETRY], [ARCH]
[B]Tags:[/B] webhooks, hmac, signature, idempotency, retry, queue


[B]Sticky — [VERIFY] Webhook Signature Checklist[/B]


[LIST=1]
[*]Retrieve header signature
[*]Compute HMAC w/ client secret
[*]Constant-time compare
[*]Reject if drift > 5m
[*]Enqueue jobs (don’t process inline)
[*]Idempotency key per eventId
[/LIST]

[HR][/HR]

[HEADING=2]5) Accounting Objects (CRUD)[/HEADING]

[B]Desc:[/B] Customers, Invoices, Payments, Bills, Vendors, Items, Accounts, Classes/Locations.


[B]Prefixes:[/B] [CUSTOMER], [INVOICE], [PAYMENT], [BILL], [VENDOR], [ITEM], [ACCOUNT], [CLASS], [LOCATION]
[B]Tags:[/B] schema, validation, posting, void, delete, referenceType


[B]Sticky — [INVOICE] End-to-End Posting Flow[/B]


[LIST=1]
[*]Ensure Customer exists (or create)
[*]Ensure Item/Account mapping
[*]Build Invoice JSON lines with tax code
[*]POST Invoice → capture Id, SyncToken
[*]Optional: Email invoice via API
[*]Record Payment → link to Invoice
[*]Reconcile or leave open per policy
[/LIST]

[HR][/HR]

[HEADING=2]6) Reports & Queries (SQL-like)[/HEADING]

[B]Desc:[/B] QBO “Query” endpoint, standard reports (P&L, BS, A/R, A/P).


[B]Prefixes:[/B] [QUERY], [REPORT], [SQL]
[B]Tags:[/B] SELECT, WHERE, STARTPOSITION, MAXRESULTS, ProfitAndLoss, BalanceSheet


[B]Sticky — [QUERY] Cookbook[/B]


[LIST=1]
[*]List unpaid invoices (copy/paste sample)
[*]Top 50 customers by revenue
[*]Items with zero sales last 90d
[*]GL by Account for month-end
[*]Paginate with STARTPOSITION
[/LIST]

[HR][/HR]

[HEADING=2]7) Sync Patterns & ETL[/HEADING]

[B]Desc:[/B] Two-way sync, incremental updates, conflict resolution.


[B]Prefixes:[/B] [SYNC], [ETL], [DELTA], [MIRROR]
[B]Tags:[/B] CDC, updatedTime, SyncToken, upsert, mapping


[B]Sticky — [SYNC] Incremental Strategy[/B]


[LIST=1]
[*]Anchor timestamp (UTC)
[*]Pull changed entities since anchor
[*]Upsert into MDM
[*]Push deltas back w/ SyncToken checks
[*]Resolve conflicts by LastWriteWins or Rule
[*]Audit every mutation
[/LIST]

[HR][/HR]

[HEADING=2]8) Multi-Tenant & Security (LLCs)[/HEADING]

[B]Desc:[/B] One user → many LLCs/realmIds, isolation, permissions.


[B]Prefixes:[/B] [TENANT], [SECURITY], [POLICY]
[B]Tags:[/B] realmId-map, RBAC, vault, masking


[B]Sticky — [TENANT] Isolation Rules[/B]


[LIST=1]
[*]RealmId as first-class foreign key
[*]Separate token vault per LLC
[*]RBAC: Owner/Admin/Accountant/Viewer
[*]Mask PII beyond Accountant role
[*]Export per-LLC audit bundle
[/LIST]

[HR][/HR]

[HEADING=2]9) Rate Limits & Performance[/HEADING]

[B]Desc:[/B] Throttling, 429 handling, caching, batch.


[B]Prefixes:[/B] [429], [THROTTLE], [CACHE], [BATCH]
[B]Tags:[/B] exponential-backoff, jitter, queue, warm-cache


[B]Sticky — [PERF] Backoff & Retry[/B]


[LIST=1]
[*]429 → backoff 1s, 2s, 4s, 8s (+/- jitter)
[*]Circuit-break vendor outages
[*]Cache static refs (Items, Accounts)
[*]Queue long-running jobs
[/LIST]

[HR][/HR]

[HEADING=2]10) Testing & Sandboxes[/HEADING]

[B]Desc:[/B] Sandbox data, factories, fixtures, golden paths.


[B]Prefixes:[/B] [SANDBOX], [FIXTURE], [FACTORY], [MOCK]
[B]Tags:[/B] sample-data, fake, seed


[B]Sticky — [SANDBOX] Data Pack[/B]


[LIST=1]
[*]Seed 10 Customers, 10 Items
[*]Post 25 Invoices across 90d
[*]Create 10 Payments, 10 Bills
[*]Share anonymized JSON here
[/LIST]

[HR][/HR]

[HEADING=2]11) Errors & Troubleshooting[/HEADING]

[B]Desc:[/B] Error libraries, decoding, known issues.


[B]Prefixes:[/B] [ERROR], [STACK], [SOLVED], [KNOWN]
[B]Tags:[/B] 400, 401, 403, 404, 429, 500, validation, schema


[B]Sticky — [ERROR] Decoder Table[/B]


[LIST=1]
[*]400 Invalid Reference → missing Item/Account
[*]401 Token expired → refresh flow
[*]403 Scope missing → update app scopes
[*]429 Rate limit → see Forum #9
[*]500 Vendor outage → circuit break + status page
[/LIST]

[HR][/HR]

[HEADING=2]12) Billing, Compliance & Audit[/HEADING]

[B]Desc:[/B] Accounting controls, audit trails, exports, retention.


[B]Prefixes:[/B] [AUDIT], [POLICY], [SOX], [IRS]
[B]Tags:[/B] audit-log, retention, export, evidence


[B]Sticky — [AUDIT] What to Log[/B]


[LIST=1]
[*]Who/when/what entity
[*]Old vs new values (diff)
[*]Source (API, UI, bot)
[*]Correlation id
[*]Export PDF/CSV bundle monthly
[/LIST]

[HR][/HR]

[HEADING=2]13) Twilio · RabbitMQ · AI Orchestration[/HEADING]

[B]Desc:[/B] Human approvals by SMS, queues, agentic workflows.


[B]Prefixes:[/B] [TWILIO], [QUEUE], [AI], [PATTERN]
[B]Tags:[/B] sms-approval, webhook, mq, elders, governance


[B]Sticky — [PATTERN] “Text to Approve Invoice”[/B]


[LIST=1]
[*]Webhook receives SMS “APPROVE INV-123 $720”
[*]Validate sender → map to role
[*]Post Payment if policy passes
[*]Notify back with confirmation id
[*]Log into audit + ledger
[/LIST]

[HR][/HR]

[HEADING=2]14) Sample Apps & Starters[/HEADING]

[B]Desc:[/B] Minimal working examples to copy.


[B]Prefixes:[/B] [STARTER], [SAMPLE], [CLI], [WEB]
[B]Tags:[/B] quickstart, template, demo


[B]Sticky — [STARTER] Minimal REST Client Checklist[/B]


[LIST=1]
[*]OAuth success path
[*]GET /customer, POST /invoice
[*]Webhook verify handler
[*]Retry middleware
[*]README with env vars
[/LIST]

[HR][/HR]

[HEADING=2]15) Architecture Patterns[/HEADING]

[B]Desc:[/B] Reference designs: clean layers, MDM, CQRS, event-driven.


[B]Prefixes:[/B] [ARCH], [MDM], [CQRS], [DDD]
[B]Tags:[/B] layering, repository, service, governance


[B]Sticky — [ARCH] Golden Path Diagram (Text)[/B]


[LIST=1]
[*]UI/API → Service Layer → Repos
[*]Outbound: QBO REST, Webhooks in
[*]Queue for slow paths
[*]Vault for secrets
[*]Observability (logs, traces, metrics)
[/LIST]

[HR][/HR]

[HEADING=2]16) DevOps & Environments[/HEADING]

[B]Desc:[/B] CI/CD, secrets, environments, observability.


[B]Prefixes:[/B] [DEVOPS], [CI/CD], [SECRETS], [OBS]
[B]Tags:[/B] pipelines, vault, appsettings, telemetry


[B]Sticky — [DEVOPS] Release Checklist[/B]


[LIST=1]
[*]Rotate secrets, validate redirects
[*]Smoke OAuth in staging
[*]Run sandbox regression pack
[*]Enable webhooks in prod
[*]Confirm alerting on 401/429 spikes
[/LIST]

[HR][/HR]

[HEADING=2]17) Glossary & FAQs[/HEADING]

[B]Desc:[/B] RealmId, SyncToken, TxnTaxDetail, Class, Location, Term, etc.


[B]Prefixes:[/B] [GLOSSARY], [FAQ]
[B]Tags:[/B] definitions, concepts


[B]Sticky — [GLOSSARY] Core Terms[/B]


[LIST=1]
[*]realmId — company identifier
[*]SyncToken — optimistic concurrency token
[*]TxnTaxDetail — tax calc block
[*]Class vs Location — dimensional tags
[*]TxnDate vs MetaData.CreateTime
[/LIST]

[HR][/HR]

[HEADING=2]18) Show & Tell[/HEADING]

[B]Desc:[/B] Demos, screenshots, architecture wins.


[B]Prefixes:[/B] [DEMO], [WIN], [CASE]
[B]Tags:[/B] showcase, before-after, performance


[B]Sticky — [CASE] Post Your Wins[/B]


[LIST=1]
[*]Problem → 2. Design → 3. Result → 4. Metrics → 5. Lessons
[/LIST]

[HR][/HR]

[HEADING=2]19) Jobs & Partnerships[/HEADING]

[B]Desc:[/B] Hire/offer gigs, rev-share, integrations.


[B]Prefixes:[/B] [HIRE], [OFFER], [PARTNER]
[B]Tags:[/B] contract, revshare, RFP


[B]Sticky — [HIRE] Post Format[/B]


[LIST=1]
[*]Scope:
[*]Tech stack:
[*]Budget/range:
[*]Timeline:
[*]Contact:
[/LIST]

[HR][/HR]

[HEADING=2]20) Changelog & Vendor Notes[/HEADING]

[B]Desc:[/B] Track breaking changes, deprecations, outages.


[B]Prefixes:[/B] [CHANGE], [DEPRECATION], [OUTAGE]
[B]Tags:[/B] versioning, migration, notice


[B]Sticky — [CHANGELOG] Your Running Log[/B]


[LIST=1]
[*]Date / change / impact / action required
[*]Link to upstream release notes
[*]Internal owner ack
[/LIST]

[HR][/HR]

[HEADING=2]Global Tag Bank (add to XenForo tag manager)[/HEADING]

onboarding, oauth2, refresh-token, realmId, scopes, sandbox, Intuit.Ipp, REST, webhooks, signature, idempotency, invoice, payment, bill, vendor, item, account, class, location, report, query, PnL, BalanceSheet, sync, delta, cdc, tenant, rbac, 429, throttle, cache, sandbox-data, fixtures, error, validation, audit, retention, sms-approval, mq, ai, starter, template, mdm, cqrs, devops, secrets, observability, glossary, changelog


[HEADING=2]Global Thread Prefix Styles (use across forums)[/HEADING]

[GUIDE], [HOWTO], [FAQ], [HELP], [SOLVED], [WARN], [ARCH], [SECURITY], [SYNC], [SANDBOX], [ERROR], [CHANGE]


[HEADING=2]Moderator Rules (pin in #1 Onboarding)[/HEADING]

[LIST=1]
[*]Sanitize tokens/client secrets from posts
[*]Prefer minimal repros
[*]Mark [SOLVED] on resolution + post the fix
[*]Merge dupes; tag appropriately
[*]Escalate vendor-level issues to Changelog forum
[/LIST]

[HR][/HR]

[HEADING=3]How to deploy (manual, fast):[/HEADING]

[LIST=1]
[*]Create Category “INTUIT DEVELOPER API · QUICKBOOKS”
[*]Create each forum in order 1→20 with titles/descriptions above
[*]Add global prefixes & tag bank
[*]For each forum, create the sticky threads and paste the provided bodies
[*]Make Forum #1 the entry point; link to #2–#20
[/LIST]