Quickbooks API Connector Integration


I am trying to get quickbooks integrated via API connector, but have been running into issues. Below was what I have tried.

  1. Setup the API connector to do Oauth2 using user-agent flow. Below is how its set up.

Created a button and set up a login workflow to trigger user sign in via OAuth2 - Quickbook.
Received the below error when a login was attempted.


  1. Since sign in via social login did not work. I thought I’ll set it up manually.
    a. created a button to navigate to the auth URL when clicked. The server returned realmid and code.
    b. Setup a post call to retrieve access tokens using the generated code, but cannot manage to bypass the error. Below is how I have it setup currently.

This returned an error 400 - Invalid request.
Alternatively, I tried adding all the params in the body like so:

“grant_type”: “authorization_code”,
“code”: “AB1165891778372D4PgPpdfQMGQquhUneMfQbQ2wzYVHBF2UKg”,
“redirect_uri”: “https://getblogged.bubbleapps.io/api/1.1/oauth_redirect

I also tried adding the params in the URL as querystring. But nothing helped, it returned 400 - INvalid Request. The same thing works like a charm via a curl request and in postman.

I have currently run out of my wits and need help in setting this up. I specifically want to do this without a plugin :slight_smile: Here is the link to QB OAUth2 documentation in case needed.

Thank you in advance.

1 Like

Hey @rony.kris :wave:

I know the frustration. It took a few weeks to set up everything we needed in quickbooks after the initial connection. But at least getting the initial connection was a sigh of relief. Hope we can help you get there. :raised_hands:

Do you want your users to have a SSO through quickbooks using OAuth 2 User Agent Flow? Or do you want your current users to be able to link their quickbooks account?

1 Like

Thank you for responding. I did take a look at your post before posting, but couldn’t find anything different in mine. But I can definitely use some help here. Well, to answer your question; to begin with I’d do it for new users and eventually look at existing ones.

1 Like

Ok. So you probably don’t want to do the SSO way. I don’t think it could work easily for existing users.

I can try to help you with just linking their accounts even after they already have an account in Bubble.

I will see what I can do in between sessions since I’m already fully booked this week. Thanks for your patience. :blush:

Give me a moment to get to my computer and I will see what the difference might be.

My initial though was to remove the {} in the body at first. But let me check to see what my setup looks like. :blush:

1 Like

Appreciate that! If I could get the initial connection set I’d be good I guess. There isn’t a lot I’d be doing on QB.

1 Like

Sounds good. Let me see what I have set up. :raised_hands:

@rony.kris For the body try putting in this


Then use this instead of parameters. I know it doesn’t make sense, but when I do the parameters any other way it doesn’t seem to work. Let me know if that helps. :blush:

I am getting an Invalid Client error now :slight_smile: I have made sure the Client ID & secret in the request is correct.

Could you confirm if the authorization url would be something like this :


Also, I just realized that when the app opens the auth url (above), it retrieves the auth code and throws the error below

{“statusCode”:400,“body”:{“status”:“ERROR”,“message”:“Invalid state from oauth provider”}}

I can confirm the auth code sent is correct / working because I could use it to get access token via a curl POST request and in Postman.

Do you know what’s going on?

@rony.kris Hmm :thinking:

For the client ID and secret, you have encoded it correctly? No extra spaces in there? Sometimes when copying and pasting there might be an extra space. Just double check that too.

1 Like

Yes. I have tested the same string via curl and postman and it works.

Hey @rony.kris

I get the same exact error when I add an extra character or a space to the Authorization. Hmm :thinking: Maybe just try deleting it and adding it back again to be extra sure. :man_shrugging:

When I was checking mine, I put it in a text editor so I could see the whole value then pasted it from there. Besides that, everything else looks good so far. Once we get past this error there might be another one. We just won’t know until this error is fixed.

1 Like

I have validated the string, ensured there are not extra characters / spaces. Re-generated the base64 encoded string, but no luck. I still get the 401 invalid client error. Weird…

Anything else I could try?

Appreciate you brainstorming with me on this. Thank you very much.

1 Like

Here’s my settings. Very similar to @J805

Some things to consider
A) Be sure to have none/selfhandled in Auth part.
B) Better to start from a fresh new API and API Call. Sometimes, things get corrupted in API Connector from some field added/filled/deleted and same with the Auth part if this is not cleaned up totally. So better to start from a totally new API and call to be sure it’s not the case.
C)Don’t forget to also save the RealmID from the url with the returned code. This is needed in most call.


@Jici and @J805 - resetting the API connector got the POST call to work. Than you for jamming with me.

Any idea why I am been getting the error below after receiving the code and realm id?

{“statusCode”:400,“body”:{“status”:“ERROR”,“message”:“Invalid state from oauth provider”}}

1 Like

Can you share the whole api settings?

Here you go:

The auth url I am navigating to via a workflow is


API configuration:

Why don’t you use a page of your app for your redirect url? Normally you should point the redirect to a page and use Get data from page URL. One for code, one for RealmID.

Hey @rony.kris :wave:

So glad you got that working! :raised_hands:

The issue is with the state you are sending. Try sending a random string along as the state instead of state=state.

I would try that and see if it helps. It is for security reasons for you to check that it is the same state you are sending. Prevents cross traffic hacking. Does that make sense?

You can add a condition to check the state when it comes back to make sure it’s the same. First get it working without the error, then you can put the condition on there. :blush:

Quickbooks says:


Defines the state between your authorization request and the Intuit OAuth 2.0 Server response.

The state field is used for validation. It checks if the client (i.e. your app) gets the data back that it sent in the original request. Meaning, the state is maintained from send to response.

You can enter any string value for the state. The server should return the exact state : value pair sent in the original request.

Tip: We strongly recommend you include an anti-forgery token for the state and confirm it in the response. This prevents cross-site request forgery. Learn more about CSRF.


@J805 - changing the state got rid of that specific error but threw a different one

{“statusCode”:400,“body”:{“status”:“ERROR”,“message”:“Invalid id of redirect_ui”}}

@Jici - Made sense to create a separate page for redirection. This makes it all clear,

Thank you for jamming with me and helping me close this. Much appreciated!

1 Like

@rony.kris :wave:

That looks like a different error now. Not related to the state.

The redirect has to be the same redirect when you get the code and realm ID as well as when you do the other call to get the tokens.

Make sure both redirects are exactly the same.

Let me know if that helps. :blush: