QuickBooks API Integration: A Step-by-Step Guide for B2B SaaS Teams (2026)
February 26, 2026
QuickBooks Online (QBO) is one of the most widely used accounting platforms among SMBs and mid-market companies. If your SaaS touches invoicing, billing, expenses, payments, or financial reporting, a reliable QuickBooks API integration is often essential.
But building a production-grade integration involves more than creating invoices. You must handle OAuth correctly, manage token lifecycles, design for multi-tenant behavior, implement incremental sync, and respect rate limits per company.
This guide covers:
- How to integrate directly with the QuickBooks Online API
- The operational complexity you will own
- How to integrate QuickBooks using Unified's Accounting API
- When to build direct vs use an integration layer
If your product needs to support multiple accounting platforms, it helps to understand how accounting data models work across systems like QuickBooks, Xero, and NetSuite. Our guide on Accounting API Integration: Invoices, Bills, Transactions, and Financial Reporting Across Platforms explains the common objects and patterns used across accounting APIs.
Direct QuickBooks Online API Integration
Step 1: Create an Intuit Developer Account and App
Start at the Intuit Developer Portal.
Create an app and select the appropriate scope:
com.intuit.quickbooks.accounting(Accounting data: invoices, customers, payments, etc.)com.intuit.quickbooks.payment(QuickBooks Payments)
Most SaaS products require the Accounting scope at minimum.
When you create your app, Intuit provides:
- Client ID
- Client Secret
- Access to a sandbox company for testing
Intuit documents sandbox environments and base URLs in its official sandbox guide.
Step 2: Implement OAuth 2.0 (Authorization Code Flow)
QuickBooks Online uses OAuth 2.0 Authorization Code Flow.
Authorization URL pattern:
https://appcenter.intuit.com/connect/oauth2
?client_id=YOUR_CLIENT_ID
&redirect_uri=YOUR_REDIRECT_URI
&response_type=code
&scope=com.intuit.quickbooks.accounting
&state=RANDOM_STRING
After approval, Intuit redirects back with:
coderealmId(company ID — store this immediately)
Exchange the authorization code at:
https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer
Intuit's OAuth documentation outlines this flow and required headers.
Step 3: Token Lifecycle Management
QuickBooks token behavior:
- Access tokens expire in 1 hour
- Refresh tokens are valid up to 100 days (rolling expiration)
Operational requirements:
- Store
realmId,access_token,refresh_token, and expiry timestamps per connected company - Refresh access tokens automatically
- Always store the latest refresh token returned
- If refresh fails, require customer re-authorization
Token handling must be multi-tenant and encrypted at rest.
Step 4: Base URLs and Core Request Pattern
Production base URL:
https://quickbooks.api.intuit.com/v3/company/{realmId}/
Sandbox base URL:
https://sandbox-quickbooks.api.intuit.com/v3/company/{realmId}/
All requests require:
Authorization: Bearer {access_token}
Accept: application/json
Example: Fetch a customer
GET /v3/company/{realmId}/customer/{customerId}
Step 5: SQL-Like Query Endpoint
QuickBooks uses a SQL-like query syntax:
GET /v3/company/{realmId}/query?query=SELECT * FROM Customer ORDERBY FamilyName MAXRESULTS 100
This allows filtering and pagination using familiar SQL constructs.
Step 6: SyncToken (Optimistic Locking)
Every writable entity includes:
IdSyncToken
When updating an object, you must include the current SyncToken. If stale, QuickBooks rejects the update.
Practical pattern:
- Retrieve object
- Update with latest
SyncToken - Retry on version conflict
Step 7: Change Data Capture (CDC)
Instead of polling entire datasets, use CDC:
GET /v3/company/{realmId}/cdc?entities=Customer,Invoice,Payment&changedSince=2024-01-01T00:00:00Z
CDC returns only changed records and is the recommended incremental sync pattern.
Step 8: Webhooks
QuickBooks supports webhooks per app environment.
Key characteristics:
- One webhook endpoint per app
- Payload includes changed entities and affected
realmId - Must validate webhook signature using verifier token
Common architecture:
Webhook → queue job → call CDC → update internal data store
If you are deciding between polling and event-driven updates, our article Polling vs Webhooks: When to Use One Over the Other explains the operational trade-offs between periodic API reads and real-time event delivery.
Step 9: Rate Limits
Production limits:
- 500 requests per minute per
realmId - 10 concurrent requests per
realmId
Design implications:
- Queue per company
- Isolate failures per tenant
- Exponential backoff on 429 responses
Where QuickBooks Integrations Become Complex
Direct QuickBooks integrations require you to own:
- OAuth lifecycle and refresh token rotation
- Multi-tenant
realmIdscoping - SyncToken versioning
- CDC incremental sync design
- Webhook validation
- Chart-of-accounts mapping per customer
- Rate limit management per company
For a single internal workflow, this is manageable.
For a SaaS serving hundreds or thousands of QuickBooks companies, this becomes sustained infrastructure.
Integrating QuickBooks via Unified's Accounting API
If your roadmap includes QuickBooks plus other accounting platforms (Xero, Sage, NetSuite), maintaining provider-specific logic multiplies engineering overhead.
Unified provides a category-level Accounting API that standardizes common financial objects.
Step 1: Register OAuth for Unified
When integrating through Unified, configure your OAuth redirect URI in Intuit as:
https://api.unified.to/oauth/code
Unified's QuickBooks integration uses the same Accounting scope (com.intuit.quickbooks.accounting) alongside identity scopes (openid, email, profile).
Step 2: Activate QuickBooks in Unified
In your Unified workspace:
- Activate QuickBooks
- Enter Client ID and Client Secret
- Authorize the company
- Store the
connection_id
Step 3: Call Unified's Accounting API
Example: List invoices
GET https://api.unified.to/accounting/invoice/{connection_id}?limit=50
Authorization: Bearer YOUR_API_KEY
Example: Create invoice
POST https://api.unified.to/accounting/invoice/{connection_id}
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json
Unified supports Accounting objects including:
- Invoice (list, get, create, update, remove)
- Bill
- CreditMemo
- Payment
- Account
- Journal
- Transaction
- Contact
- PurchaseOrder
- Expense
- Reports (BalanceSheet, TrialBalance, ProfitLoss, CashFlow)
Unified also supports passthrough calls when you need provider-specific endpoints.
Step 4: Webhooks via Unified
Unified manages webhook handling and delivers standardized change events.
Instead of implementing QuickBooks webhook signature validation and CDC manually, you receive:
- Created events
- Updated events
- Deleted events
Using a consistent webhook payload model across providers.
Direct vs Unified — When to Choose Each
Build Directly If
- QuickBooks Online is your only accounting integration
- You require full provider-specific flexibility
- You want complete control over OAuth, CDC, and webhooks
Use Unified If
- You plan to support multiple accounting platforms
- You want standardized accounting objects
- You prefer not to manage OAuth lifecycle logic per provider
- You want consistent webhook handling across systems
- You want usage-based pricing instead of per-connection fees
Teams evaluating integration architecture often compare ETL pipelines, workflow platforms, and unified APIs. The article ETL vs iPaaS vs Unified API: Which Integration Platform Requires the Least Maintenance? breaks down how each approach affects long-term engineering overhead.
Final Thoughts
A QuickBooks API integration is often a purchasing requirement for SMB-focused SaaS products.
At the endpoint level, the API is straightforward.
At scale, the complexity lies in:
- OAuth lifecycle management
- Multi-tenant isolation
- SyncToken versioning
- CDC incremental sync
- Rate limit compliance
- Data mapping per customer
Choosing your integration architecture early determines how fast you ship and how much maintenance you own long term.