Intuit Developer Group
OAuth for QuickBooks Online REST Services
Jarred Keneally
Intuit Developer Relations
Who’s in the room?
2
• What’s your role?
- Product Manager
- Engineer?
• Worked with OAuth-authorized APIs before?
- OAuth 1.0a?
- OAuth 2.0?
• What languages are you working in?
- Java?
- .NET?
- NodeJS?
3
What is OAuth?
Industry Standard in durable authentication & authorization (AuthN & AuthZ)
Token Provisioning, Use, Revocation
Replaces processes that involve you storing username + password for services you do not provide
Widely adopted, tested, and supported
4
How does OAuth work?
When you create an App on developer.intuit.com you get an OAuth consumer key & secret
Use the consumer key to get a request token (server-to-server call)
Open a browser window to Intuit for the user to authorize the token request
Upon authorization by the user, a redirect callback to your server from the browser window provides a tokenVerifier
When you get the token verifier, the response should close the popup window.
Make a server-to-server call to exchange requestToken and tokenVerifier for an accessToken and accessTokenSecret
5
The OAuth Authorization Conversation
6
Why is OAuth “hard”?
OAuth 1.0a was designed for potentially insecure communication channels
Client and Server need to implement cryptography to sign & verify every request using the token secret
If you get the signature wrong, the request is rejected
You are signing a signature base string composed of the request method, scheme, server, path, GET query parameters, and oauth parameters in the header (except the oauth_signature parameter itself) in alphabetical order.
• Example:
GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal
• If you get the base string wrong, then your signature won’t match the one the server calculates from its own base string, and the request is rejected.
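The base string above, rebuilt and signed with HMAC-SHA1 in Node.js, followed by the server-side check. This is an added example, not code from the presentation or from Intuit; the function names are made up for illustration, and the two secrets are the ones the OAuth Core 1.0 specification publishes with this same sample request (they are not on the slide).

```javascript
const { createHmac, timingSafeEqual } = require('crypto');

// Percent-encode per RFC 3986: only A-Z a-z 0-9 - . _ ~ stay literal.
// encodeURIComponent also leaves ! ' ( ) * untouched, so encode those by hand.
function pctEncode(value) {
  return encodeURIComponent(String(value)).replace(/[!'()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Base string = METHOD & encoded base URL & encoded, sorted parameter list.
// Covers URL query parameters and oauth_* parameters (no form-encoded body).
function signatureBaseString(method, rawUrl, oauthParams) {
  const url = new URL(rawUrl); // lowercases scheme/host and drops a default port
  const pairs = [...url.searchParams.entries()];
  for (const [name, value] of Object.entries(oauthParams)) {
    if (name !== 'oauth_signature') pairs.push([name, value]); // never sign the signature
  }
  const encoded = pairs.map(([n, v]) => [pctEncode(n), pctEncode(v)]);
  const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);
  encoded.sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1])); // by name, then value
  const normalized = encoded.map(([n, v]) => `${n}=${v}`).join('&');
  const baseUrl = `${url.protocol}//${url.host}${url.pathname}`;
  return [method.toUpperCase(), pctEncode(baseUrl), pctEncode(normalized)].join('&');
}

// HMAC-SHA1 key is "consumerSecret&tokenSecret" (token secret empty before a token exists).
function sign(baseString, consumerSecret, tokenSecret = '') {
  const key = `${pctEncode(consumerSecret)}&${pctEncode(tokenSecret)}`;
  return createHmac('sha1', key).update(baseString).digest('base64');
}

// What the server does: recompute from the request it received, compare in constant time.
function verify(method, rawUrl, oauthParams, consumerSecret, tokenSecret) {
  const base = signatureBaseString(method, rawUrl, oauthParams);
  const expected = Buffer.from(sign(base, consumerSecret, tokenSecret));
  const presented = Buffer.from(String(oauthParams.oauth_signature || ''));
  return expected.length === presented.length && timingSafeEqual(expected, presented);
}

// Constructed sample: the request from the slide, plus the spec's published secrets.
const SAMPLE = {
  method: 'GET',
  url: 'http://photos.example.net/photos?file=vacation.jpg&size=original',
  oauth: {
    oauth_consumer_key: 'dpf43f3p2l4k3l03',
    oauth_token: 'nnch734d00sl2jdk',
    oauth_nonce: 'kllo9940pd9333jh',
    oauth_timestamp: '1191242096',
    oauth_signature_method: 'HMAC-SHA1',
    oauth_version: '1.0',
  },
  consumerSecret: 'kd94hf93k423kf44',
  tokenSecret: 'pfkkdhi9sl3r4s00',
};

function demo() {
  const { method, url, oauth, consumerSecret, tokenSecret } = SAMPLE;
  const baseString = signatureBaseString(method, url, oauth);
  const signature = sign(baseString, consumerSecret, tokenSecret);
  const signed = { ...oauth, oauth_signature: signature };
  // Same signature, one query parameter changed in transit: the server's
  // base string no longer matches, so the request is rejected.
  const changedUrl = url.replace('size=original', 'size=large');
  return {
    baseString,
    signature,
    accepted: verify(method, url, signed, consumerSecret, tokenSecret),
    tamperedAccepted: verify(method, changedUrl, signed, consumerSecret, tokenSecret),
  };
}

console.log(demo());
```

The order in which the parameters are supplied does not matter, because they are sorted after encoding; the usual causes of a mismatch are encoding differences and a parameter left out of the base string.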
7
Libraries Help. A Lot
Java: Signpost library (oauth.signpost.*)
.NET: DevDefined.OAuth
NodeJS: The “request” module (npm install request)
PHP: PECL OAuth library or OAuthSimple
Ruby: oauth Gem
8
Critical URLs
Request Token endpoint: https://oauth.intuit.com/oauth/v1/get_request_token
User Authorization URL: https://appcenter.intuit.com/Connect/Begin
Access Token endpoint: https://oauth.intuit.com/oauth/v1/get_access_token
You will typically need to configure any library you use with these three key endpoints.
Reconnect endpoint: https://appcenter.intuit.com/api/v1/connection/reconnect
Tokens expire 180 days after grant
Within 30 days of expiry, call the reconnect API to ensure uninterrupted service for your users
9
OAuth Tokens & Secrets are “Top Secret” Data
Your client credentials (Consumer Secret) represent the ability to get a user to authorize access to their data thinking they are granting that access to you!
If a black hat can get your secret, they can use your brand to do bad things
Your consumer secret should always be encrypted when at-rest.
An access token represents a long-term authorization for your app to access a given user’s data unattended.
Access token and Access Token Secret data should *always* be stored in encrypted storage and the encryption key should not be stored in the same place!
Access tokens & secrets should never be delivered to a browser
Never make a call to our APIs directly from client-side JavaScript
For native client-side code in mobile devices: 4-legged OAuth
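One way to follow the storage rule above, as an added example that is not from the presentation or from Intuit: the access token and its secret are sealed with AES-256-GCM before they reach the database, and the key is passed in from somewhere else. The function names, the record layout and the TOKEN_KEY_B64 variable name are assumptions; the sample token values are constructed.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require('crypto');

// The key must come from outside the token datastore. Here it is a base64 string
// the caller reads from a secret manager or an environment variable
// (TOKEN_KEY_B64 is a hypothetical name), never from the same database.
function loadKey(base64Key) {
  const key = Buffer.from(base64Key || '', 'base64');
  if (key.length !== 32) throw new Error('token encryption key must be 32 bytes (AES-256)');
  return key;
}

// Seal the token pair for one company. The company id is bound in as
// associated data, so a record copied onto another company's row will not decrypt.
function sealToken(key, companyId, accessToken, accessTokenSecret) {
  const iv = randomBytes(12); // fresh nonce for every record
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(String(companyId), 'utf8'));
  const plaintext = JSON.stringify({ accessToken, accessTokenSecret });
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    companyId: String(companyId),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Open a stored record. Throws if the key is wrong, the ciphertext was
// modified, or the record is attached to a different company id.
function openToken(key, record) {
  const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAAD(Buffer.from(String(record.companyId), 'utf8'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const pt = Buffer.concat([
    decipher.update(Buffer.from(record.ct, 'base64')),
    decipher.final(),
  ]);
  return JSON.parse(pt.toString('utf8'));
}

// Returns true when opening the record fails, false when it succeeds.
function rejects(key, record) {
  try {
    openToken(key, record);
    return false;
  } catch (err) {
    return true;
  }
}

function demo() {
  // Constructed values: a throwaway key and made-up token strings.
  const key = loadKey(randomBytes(32).toString('base64'));
  const record = sealToken(key, '1234', 'constructed-access-token', 'constructed-token-secret');
  return {
    storedRow: record, // what the database holds
    roundTrip: openToken(key, record), // what the server gets back at call time
    movedToOtherCompanyRejected: rejects(key, { ...record, companyId: '9999' }),
    wrongKeyRejected: rejects(randomBytes(32), record),
  };
}

console.log(demo());
```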
10
Connect to QuickBooks – The Client Side
• We provide a JS library to help manage the flow
- https://js.appcenter.intuit.com/Content/IA/intuit.ipp.anywhere-1.3.2.js
- Call intuit.ipp.anywhere.setup(params)
o Params is a dictionary with grantURL, datasources object, and payment options object
o grantURL is the URL on your server to start the OAuth process
- When Connect To QuickBooks button is clicked call
intuit.ipp.anywhere.controller.onConnectToIntuitClicked()
o Opens a new popup window
o Initiates a session with Intuit with the parameters you supplied regarding data sources needed, etc.
o Redirects to your Grant URL
o Your GrantURL redirects back to us for the user to authorize the connection
o We redirect back to your callback URL with the token verifier
o Your response closes the popup window
11
Gotcha!
Current implementation restricts each app to one OAuth token per company!
Same user granting a token to the same app for the same company:
• no error, previous token invalidated, new token granted.
Different user granting a token to the same app for the same company:
• Error! User informed that user X already subscribed to the app for this company, OAuth token is denied.
We did this to prevent two users from connecting the same app unaware of each other and creating duplicate data.
There are legitimate use-cases for multiple tokens (i.e. multiple stores on an e-commerce site for different regions), we’re considering options.
12
Explore the OAuth Samples
.NET: https://github.com/IntuitDeveloper/oauth-dotnet
Java: https://github.com/IntuitDeveloper/oauth-java
PHP: https://github.com/IntuitDeveloper/oauth-php
NodeJS: https://www.npmjs.com/package/node-quickbooks
npm install node-quickbooks
cd node_modules/node-quickbooks/example
Ruby: https://github.com/ruckus/quickbooks-ruby
13
Putting it all together
14
Q & A
Contact Us:
@IntuitDeveloper
@JarredKeneally
developer.intuit.com
OAuth 1.0
15
OAuth 1.0a
16
OAuth 1.0a
17
• An elegant and cohesive ecosystem API
- Envisioned as a graph
- Consumed by 1P through an internal SDK
- Experienced through projections
• High degree of automation – architected for testability
• Architecture
- Domain variability expressed consistently through JSON Schema
• Accelerates decomposition through orchestrated graph queries and writes
• Enables innovation, balancing speed with governance
• Dog-fooding: identical functionality, quality, and availability for 1st, 2nd, and
3rd parties
V4 Services Overview
18
Putting it all together
19
V4 Endpoint
V4 Decomposed Services
Putting it all together – ideal V4 services state
20
Diagram labels: Internal SDK; V3 Endpoint; Translation; QBO UX Widgets (Mobile, Web, Future 3P); 1P; 2P / 3P; Official 3P SDKs (e.g. Java, .net, PHP); App / Integration
Many (~50%) of our 3P developers also use SDKs. Our official 3P SDKs will evolve to support multiple API version interoperability.
Many of our 3P developers write directly to REST APIs.
Our 1P teams will make heavy use of an internal SDK that enforces internal best practices around building great offerings.
Our translation infrastructure makes it possible to extend the lifetime of API versions – a tremendous developer benefit for 1P, 2P, and 3P personas.
Accounting, Payroll, Payments, Money Movement & Risk, Transactions, Reporting, Company, Accountant, Integrations, Network, Indirect Tax, Inventory
21
V4 API Services Developer Benefit
22
Complete and Consistent Foundation for Developers
• 2P/3P Developers can do anything that the UI can do
• All QBO uses the same services – so no more one-off behaviors
• Apps enjoy the same reliability as core QBO
Diagram labels: QBO UX Widgets (Mobile, Web, Future 3P); App / Integration; V4 QBO Services
App Durability
• API version translation means that developer investment is durable
• No more deprecation cost for developers (and the QuickBooks team)
Diagram labels: V3 App, V3 Endpoint; V4 App, V4 Endpoint; V4.1 App, V4.1 Endpoint; V4.n App, V4.n Endpoint; Translation; QBO Services
Grow My Business
Deliver Awesome Experiences Quickly
Access
New Connections
Retention
Active Connections
Speed
Time to Launch
Value
Integration Star Rating
DEVELOPER SEGMENT
23
V4 is a graph
V4 {
  companies: {
    bills: { vendor: { } }
    employees: { }
    vendors: { }
    items: { }
  }
  users: {
    …
  }
}
Root of the graph
Has an array of companies
Which has an array of bills
…
24
Projections of the Graph
V4 {
  companies: {
    bills: {
      vendor: { }
    }
    …
REST
GET https://v4.api.intuit.com/companies/1234/bills/1234/vendor
BATCH
POST https://v4.api.intuit.com/companies/1234/entities
[{vendor}, {employee}, {bill1}, {bill2}, {query}]
SIMPLE QUERY
GET https://v4.api.intuit.com/companies/1234/bills?where="vendor.name=Jeff"
GRAPH QUERY
POST https://v4.api.intuit.com/graphql
{ company(id: "1234") {
    bills(first: 100, where: "vendor.name=Jeff") {
      edges {
        node {
          id
          txnDate
        }
      }
    }
  }
}
25
Normalized to a Batch…
Domains implement BATCH
Projections: REST, SIMPLE QUERY, GRAPH QL
BATCH
Best Practices for Application Development with Box
 
MuleSoft Surat Virtual Meetup#25 - Anypoint Platform Features and Capabilitie...
MuleSoft Surat Virtual Meetup#25 - Anypoint Platform Features and Capabilitie...MuleSoft Surat Virtual Meetup#25 - Anypoint Platform Features and Capabilitie...
MuleSoft Surat Virtual Meetup#25 - Anypoint Platform Features and Capabilitie...
 
Securing web applications
Securing web applicationsSecuring web applications
Securing web applications
 

More from Intuit Developer

Building the Next Generation of QuickBooks App Integrations, QuickBooks Conne...
Building the Next Generation of QuickBooks App Integrations, QuickBooks Conne...Building the Next Generation of QuickBooks App Integrations, QuickBooks Conne...
Building the Next Generation of QuickBooks App Integrations, QuickBooks Conne...Intuit Developer
 
Anatomy of a Quality App, QuickBooks Connect 2017
Anatomy of a Quality App, QuickBooks Connect 2017Anatomy of a Quality App, QuickBooks Connect 2017
Anatomy of a Quality App, QuickBooks Connect 2017Intuit Developer
 
The Momentum of QuickBooks Developers: the Road to Success, QuickBooks Connec...
The Momentum of QuickBooks Developers: the Road to Success, QuickBooks Connec...The Momentum of QuickBooks Developers: the Road to Success, QuickBooks Connec...
The Momentum of QuickBooks Developers: the Road to Success, QuickBooks Connec...Intuit Developer
 
From Idea to Published App, QuickBooks Connect 2017
From Idea to Published App, QuickBooks Connect 2017From Idea to Published App, QuickBooks Connect 2017
From Idea to Published App, QuickBooks Connect 2017Intuit Developer
 
Data Integrations that Delight! QuickBooks Connect San Jose 2017
Data Integrations that Delight! QuickBooks Connect San Jose 2017Data Integrations that Delight! QuickBooks Connect San Jose 2017
Data Integrations that Delight! QuickBooks Connect San Jose 2017Intuit Developer
 
50 Niche Apps in 50 Minutes
50 Niche Apps in 50 Minutes50 Niche Apps in 50 Minutes
50 Niche Apps in 50 MinutesIntuit Developer
 
VIP Developer Day Kick Off - QuickBooks Connect Sydney 2017
VIP Developer Day Kick Off - QuickBooks Connect Sydney 2017VIP Developer Day Kick Off - QuickBooks Connect Sydney 2017
VIP Developer Day Kick Off - QuickBooks Connect Sydney 2017Intuit Developer
 
Developer Day Tech Session at QuickBooks Connect Sydney 2017
Developer Day Tech Session at QuickBooks Connect Sydney 2017Developer Day Tech Session at QuickBooks Connect Sydney 2017
Developer Day Tech Session at QuickBooks Connect Sydney 2017Intuit Developer
 
QuickBooks Connect 2016 - Using WebHooks to handle data changes in your app
QuickBooks Connect 2016 - Using WebHooks to handle data changes in your appQuickBooks Connect 2016 - Using WebHooks to handle data changes in your app
QuickBooks Connect 2016 - Using WebHooks to handle data changes in your appIntuit Developer
 
QuickBooks Connect 2016 - Designing for mobile
QuickBooks Connect 2016 - Designing for mobileQuickBooks Connect 2016 - Designing for mobile
QuickBooks Connect 2016 - Designing for mobileIntuit Developer
 
QuickBooks Connect 2016 - Building a global app: understanding the Global Tax...
QuickBooks Connect 2016 - Building a global app: understanding the Global Tax...QuickBooks Connect 2016 - Building a global app: understanding the Global Tax...
QuickBooks Connect 2016 - Building a global app: understanding the Global Tax...Intuit Developer
 
Developing Apps on The QuickBooks Platform
Developing Apps on The QuickBooks PlatformDeveloping Apps on The QuickBooks Platform
Developing Apps on The QuickBooks PlatformIntuit Developer
 
Citi Accelerator Meetup 6/22/15
Citi Accelerator Meetup 6/22/15Citi Accelerator Meetup 6/22/15
Citi Accelerator Meetup 6/22/15Intuit Developer
 
Harmony, Sandbox, and You: Intuit Developer Webinar, January 2015
Harmony, Sandbox, and You: Intuit Developer Webinar, January 2015Harmony, Sandbox, and You: Intuit Developer Webinar, January 2015
Harmony, Sandbox, and You: Intuit Developer Webinar, January 2015Intuit Developer
 
How to Pitch an App at a Hackathon
How to Pitch an App at a HackathonHow to Pitch an App at a Hackathon
How to Pitch an App at a HackathonIntuit Developer
 
Small Business Web and Open APIs
Small Business Web and Open APIsSmall Business Web and Open APIs
Small Business Web and Open APIsIntuit Developer
 

More from Intuit Developer (16)

Building the Next Generation of QuickBooks App Integrations, QuickBooks Conne...
Building the Next Generation of QuickBooks App Integrations, QuickBooks Conne...Building the Next Generation of QuickBooks App Integrations, QuickBooks Conne...
Building the Next Generation of QuickBooks App Integrations, QuickBooks Conne...
 
Anatomy of a Quality App, QuickBooks Connect 2017
Anatomy of a Quality App, QuickBooks Connect 2017Anatomy of a Quality App, QuickBooks Connect 2017
Anatomy of a Quality App, QuickBooks Connect 2017
 
The Momentum of QuickBooks Developers: the Road to Success, QuickBooks Connec...
The Momentum of QuickBooks Developers: the Road to Success, QuickBooks Connec...The Momentum of QuickBooks Developers: the Road to Success, QuickBooks Connec...
The Momentum of QuickBooks Developers: the Road to Success, QuickBooks Connec...
 
From Idea to Published App, QuickBooks Connect 2017
From Idea to Published App, QuickBooks Connect 2017From Idea to Published App, QuickBooks Connect 2017
From Idea to Published App, QuickBooks Connect 2017
 
Data Integrations that Delight! QuickBooks Connect San Jose 2017
Data Integrations that Delight! QuickBooks Connect San Jose 2017Data Integrations that Delight! QuickBooks Connect San Jose 2017
Data Integrations that Delight! QuickBooks Connect San Jose 2017
 
50 Niche Apps in 50 Minutes
50 Niche Apps in 50 Minutes50 Niche Apps in 50 Minutes
50 Niche Apps in 50 Minutes
 
VIP Developer Day Kick Off - QuickBooks Connect Sydney 2017
VIP Developer Day Kick Off - QuickBooks Connect Sydney 2017VIP Developer Day Kick Off - QuickBooks Connect Sydney 2017
VIP Developer Day Kick Off - QuickBooks Connect Sydney 2017
 
Developer Day Tech Session at QuickBooks Connect Sydney 2017
Developer Day Tech Session at QuickBooks Connect Sydney 2017Developer Day Tech Session at QuickBooks Connect Sydney 2017
Developer Day Tech Session at QuickBooks Connect Sydney 2017
 
QuickBooks Connect 2016 - Using WebHooks to handle data changes in your app
QuickBooks Connect 2016 - Using WebHooks to handle data changes in your appQuickBooks Connect 2016 - Using WebHooks to handle data changes in your app
QuickBooks Connect 2016 - Using WebHooks to handle data changes in your app
 
QuickBooks Connect 2016 - Designing for mobile
QuickBooks Connect 2016 - Designing for mobileQuickBooks Connect 2016 - Designing for mobile
QuickBooks Connect 2016 - Designing for mobile
 
QuickBooks Connect 2016 - Building a global app: understanding the Global Tax...
QuickBooks Connect 2016 - Building a global app: understanding the Global Tax...QuickBooks Connect 2016 - Building a global app: understanding the Global Tax...
QuickBooks Connect 2016 - Building a global app: understanding the Global Tax...
 
Developing Apps on The QuickBooks Platform
Developing Apps on The QuickBooks PlatformDeveloping Apps on The QuickBooks Platform
Developing Apps on The QuickBooks Platform
 
Citi Accelerator Meetup 6/22/15
Citi Accelerator Meetup 6/22/15Citi Accelerator Meetup 6/22/15
Citi Accelerator Meetup 6/22/15
 
Harmony, Sandbox, and You: Intuit Developer Webinar, January 2015
Harmony, Sandbox, and You: Intuit Developer Webinar, January 2015Harmony, Sandbox, and You: Intuit Developer Webinar, January 2015
Harmony, Sandbox, and You: Intuit Developer Webinar, January 2015
 
How to Pitch an App at a Hackathon
How to Pitch an App at a HackathonHow to Pitch an App at a Hackathon
How to Pitch an App at a Hackathon
 
Small Business Web and Open APIs
Small Business Web and Open APIsSmall Business Web and Open APIs
Small Business Web and Open APIs
 

Recently uploaded

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Recently uploaded (20)

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

OAuth for QuickBooks Online REST Services

  • 1. Intuit Developer Group: OAuth for QuickBooks Online REST services. Jarred Keneally, Intuit Developer Relations
  • 2. Who’s in the room? • What’s your role? - Product Manager - Engineer? • Worked with OAuth-authorized APIs before? - OAuth 1.0a? - OAuth 2.0? • What languages are you working in? - Java? - .NET? - NodeJS?
  • 3. What is OAuth? Industry standard in durable authentication & authorization (AuthN & AuthZ). Token provisioning, use, revocation. Replaces processes that involve you storing username + password for services you do not provide. Widely adopted, tested, and supported.
  • 4. How does OAuth work? When you create an app on developer.intuit.com you get an OAuth consumer key & secret. Use the consumer key to get a request token (server-to-server call). Open a browser window to Intuit for the user to authorize the token request. Upon authorization by the user, a redirect callback to your server from the browser window provides a tokenVerifier. When you get the token verifier, the response should close the popup window. Make a server-to-server call to exchange the requestToken and tokenVerifier for an accessToken and accessTokenSecret.
  • 6. Why is OAuth “hard”? OAuth 1.0a was designed for potentially insecure communication channels. Client and server need to implement cryptography to sign & verify every request using the token secret. If you get the signature wrong, the request is rejected. You are signing a signature base string composed of the request method, scheme, server, path, GET query parameters, and oauth parameters in the header (except the oauth_signature parameter itself) in alphabetical order. • Example: GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal • If you get the base string wrong, then the signature won’t match the base string calculated by the server and the request is rejected.
  • 7. Libraries Help. A Lot. Java: Signpost library (oauth.signpost.*). .NET: DevDefined.OAuth. NodeJS: the “request” module (npm install request). PHP: PECL OAuth library or OAuthSimple. Ruby: oauth gem.
  • 8. Critical URLs. Request Token endpoint: https://oauth.intuit.com/oauth/v1/get_request_token User Authorization URL: https://appcenter.intuit.com/Connect/Begin Access Token endpoint: https://oauth.intuit.com/oauth/v1/get_access_token You will typically need to configure any library you use with these three key endpoints. Reconnect endpoint: https://appcenter.intuit.com/api/v1/connection/reconnect Tokens expire 180 days after grant. Within 30 days of expiry, call the reconnect API to ensure uninterrupted service for your users.
  • 9. OAuth Tokens & Secrets are “Top Secret” Data. Your client credentials (Consumer Secret) represent the ability to get a user to authorize access to their data thinking they are granting that access to you! If a black hat can get your secret, they can use your brand to do bad things. Your consumer secret should always be encrypted when at rest. An access token represents a long-term authorization for your app to access a given user’s data unattended. Access Token and Access Token Secret data should *always* be stored in encrypted storage and the encryption key should not be stored in the same place! Access tokens & secrets should never be delivered to a browser. Never make a call to our APIs directly from client-side JavaScript. For native client-side code in mobile devices: 4-legged OAuth.
  • 10. Connect to QuickBooks – The Client Side • We provide a JS library to help manage the flow - https://js.appcenter.intuit.com/Content/IA/intuit.ipp.anywhere-1.3.2.js - Call intuit.ipp.anywhere.setup(params) o Params is a dictionary with grantURL, datasources object, and payment options object o grantURL is the URL on your server to start the OAuth process - When the Connect To QuickBooks button is clicked, call intuit.ipp.anywhere.controller.onConnectToIntuitClicked() o Opens a new popup window o Initiates a session with Intuit with the parameters you supplied regarding data sources needed, etc. o Redirects to your Grant URL o Your Grant URL redirects back to us for the user to authorize the connection o We redirect back to your callback URL with the token verifier o Your response closes the popup window
  • 11. Gotcha! Current implementation restricts each app to one OAuth token per company! Same user granting a token to the same app for the same company: • no error, previous token invalidated, new token granted. Different user granting a token to the same app for the same company: • Error! User informed that user X already subscribed to the app for this company, OAuth token is denied. We did this to prevent two users from connecting the same app unaware of each other and creating duplicate data. There are legitimate use-cases for multiple tokens (i.e. multiple stores on an e-commerce site for different regions), we’re considering options.
  • 12. Explore the OAuth Samples .NET: https://github.com/IntuitDeveloper/oauth-dotnet Java: https://github.com/IntuitDeveloper/oauth-java PHP: https://github.com/IntuitDeveloper/oauth-php NodeJS: https://www.npmjs.com/package/node-quickbooks npm install node-quickbooks cd node_modules/node-quickbooks/example Ruby: https://github.com/ruckus/quickbooks-ruby
  • 13. Putting it all together
  • 14. Q & A Contact Us: @IntuitDeveloper @JarredKeneally developer.intuit.com
  • 18. V4 Services Overview (V4: 1st, 2nd, 3rd parties) • An elegant and cohesive ecosystem API - Envisioned as a graph - Consumed by 1P through an internal SDK - Experienced through projections • High degree of automation – architected for testability • Architecture - Domain variability expressed consistently through Json Schema • Accelerates decomposition through orchestrated graph queries and writes • Enables innovation, balancing speed with governance • Dog-fooding: identical functionality, quality, and availability for 1st, 2nd, and 3rd parties
  • 19. Putting it all together
  • 20. Putting it all together – ideal V4 services state. Diagram labels: V4 Endpoint, V4 Decomposed Services, Internal SDK, V3 Endpoint, Translation, QBO UX Widgets (Mobile, Web, Future 3P), 1P, 2P / 3P, Official 3P SDKs (e.g. Java, .net, PHP), App / Integration. Many (~50%) of our 3P developers also use SDKs. Our official 3P SDKs will evolve to support multiple API version interoperability. Many of our 3P developers write directly to rest APIs. Our 1P teams will make heavy use of an internal SDK that enforces internal best practices around building great offerings. Our translation infrastructure makes it possible to extend the lifetime of API versions – a tremendous developer benefit for 1P, 2P, and 3P personas. Services: Accounting, Payroll, Payments, Money Movement & Risk, Transactions, Reporting, Company, Accountant, Integrations, Network, Indirect Tax, Inventory
  • 21. 21
  • 22. V4 API Services Developer Benefit. QBO UX Widgets (Mobile, Web, Future 3P) V4 QBO Services App / Integration. Complete and Consistent Foundation for Developers • 2P/3P Developers can do anything that the UI can do • All QBO uses the same services – so no more one-off behaviors • Apps enjoy the same reliability as core QBO. V3 App V3 Endpoint V4 Endpoint V4 App Translation. App Durability • API version translation means that developer investment is durable • No more deprecation cost for developers (and the QuickBooks team). QBO Services V4.1 Endpoint V4.1 App Translation QBO Services V4.n Endpoint V4.n App Translation QBO Services
  • 23. Grow My Business Deliver Awesome Experiences Quickly Access New Connections Retention Active Connections Speed Time to Launch Value Integration Star Rating + + DEVELOPER SEGMENT
  • 24. V4 is a graph V4 { companies: { bills: { vendor: { } } employees: { } vendors: { } items: { } } users: { … } } Root of the graph Has an array of companies Which has an array of bills …
  • 25. Projections of the Graph V4 { companies: { bills: { vendor: { } } … REST GET https://v4.api.intuit.com/companies/1234/bills/1234/vendor BATCH POST https://v4.api.intuit.com/companies/1234/entities [{vendor}, {employee}, {bill1}, {bill2}, {query}] SIMPLE QUERY GET https://v4.api.intuit.com/companies/1234/bills?where=“vendor.name=Jeff” GRAPH QUERY POST https://v4.api.intuit.com/graphql { company(id: “1234”) { bills(first: 100, where: “vendor.name=Jeff”) { edges { node { id txnDate } } }
  • 26. Normalized to a Batch… Domains implement BATCH REST SIMPLE QUERY GRAPH QL Projections BATCH BATCH
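The signature base string and the sign-and-verify step described on slide 6, as an added example that is not part of the original deck or of any Intuit library. The request reuses the parameters visible in the slide's base string; the two secrets and all function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// OAuth 1.0a percent-encoding: encodeURIComponent leaves ! * ' ( ) alone,
// so those are escaped too. Spaces become %20, never "+".
function pctEncode(value) {
  return encodeURIComponent(String(value)).replace(/[!*'()]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// METHOD & encoded base URL & encoded, sorted parameter list.
function signatureBaseString(method, url, queryParams, oauthParams) {
  const u = new URL(url); // lowercases scheme/host and drops default ports
  const baseUrl = `${u.protocol}//${u.host}${u.pathname}`; // no query string
  const pairs = [...Object.entries(queryParams), ...Object.entries(oauthParams)]
    .filter(([k]) => k !== 'oauth_signature') // never signs itself
    .map(([k, v]) => [pctEncode(k), pctEncode(v)]);
  // Sort by encoded name, then by encoded value.
  pairs.sort((a, b) => {
    if (a[0] !== b[0]) return a[0] < b[0] ? -1 : 1;
    if (a[1] !== b[1]) return a[1] < b[1] ? -1 : 1;
    return 0;
  });
  const normalized = pairs.map(([k, v]) => `${k}=${v}`).join('&');
  return [method.toUpperCase(), pctEncode(baseUrl), pctEncode(normalized)].join('&');
}

// HMAC-SHA1 keyed with "consumerSecret&tokenSecret" (both percent-encoded).
function sign(baseString, consumerSecret, tokenSecret = '') {
  const key = `${pctEncode(consumerSecret)}&${pctEncode(tokenSecret)}`;
  return crypto.createHmac('sha1', key).update(baseString).digest('base64');
}

// Server side: rebuild the base string from what arrived, recompute the
// signature, and compare in constant time.
function verifyRequest(req, consumerSecret, tokenSecret) {
  const base = signatureBaseString(req.method, req.url, req.query, req.oauth);
  const expected = Buffer.from(sign(base, consumerSecret, tokenSecret));
  const presented = Buffer.from(String(req.oauth.oauth_signature || ''));
  return expected.length === presented.length &&
    crypto.timingSafeEqual(expected, presented);
}

// Constructed sample: parameters from the slide, deliberately out of order.
const DEMO_CONSUMER_SECRET = 'constructed-consumer-secret';
const DEMO_TOKEN_SECRET = 'constructed-token-secret';
function sampleRequest() {
  return {
    method: 'get',
    url: 'http://photos.example.net/photos',
    query: { size: 'original', file: 'vacation.jpg' },
    oauth: {
      oauth_version: '1.0',
      oauth_token: 'nnch734d00sl2jdk',
      oauth_timestamp: '1191242096',
      oauth_signature_method: 'HMAC-SHA1',
      oauth_nonce: 'kllo9940pd9333jh',
      oauth_consumer_key: 'dpf43f3p2l4k3l03',
    },
  };
}

function demo() {
  const req = sampleRequest();
  const base = signatureBaseString(req.method, req.url, req.query, req.oauth);
  req.oauth.oauth_signature = sign(base, DEMO_CONSUMER_SECRET, DEMO_TOKEN_SECRET);
  const accepted = verifyRequest(req, DEMO_CONSUMER_SECRET, DEMO_TOKEN_SECRET);
  req.query.size = 'thumbnail'; // any change after signing breaks the match
  const tampered = verifyRequest(req, DEMO_CONSUMER_SECRET, DEMO_TOKEN_SECRET);
  return { base, accepted, tampered };
}

console.log(demo());
```

When a request is rejected, diff the base string first: parameter order, a "+" where %20 belongs, or a query string left in the URL are the usual causes.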
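One way to follow the storage guidance on slide 9 and the 180-day/30-day reconnect window on slide 8, as an added example that is not Intuit's code. It assumes a 32-byte AES key delivered from outside the token store (for instance by a secrets manager); `companyId`, the record layout and every function name are hypothetical.

```javascript
const crypto = require('crypto');

const DAY_MS = 24 * 60 * 60 * 1000;

// The key is loaded from somewhere other than the token database
// (assumption: base64 text handed in by the caller), so a dump of the
// token table alone does not expose the access token or its secret.
function loadKey(base64Key) {
  const key = Buffer.from(base64Key, 'base64');
  if (key.length !== 32) throw new Error('token encryption key must be 32 bytes');
  return key;
}

// AES-256-GCM with the company id as associated data: a sealed record
// copied onto another company's row fails authentication on open.
function sealToken(key, companyId, record) {
  const iv = crypto.randomBytes(12); // fresh nonce for every write
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(String(companyId), 'utf8'));
  const body = Buffer.concat([
    cipher.update(JSON.stringify(record), 'utf8'),
    cipher.final(),
  ]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

function openToken(key, companyId, sealed) {
  const raw = Buffer.from(sealed, 'base64');
  if (raw.length < 28) throw new Error('sealed token too short');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(String(companyId), 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the ciphertext, tag or company id do not match.
  const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Slide 8: tokens expire 180 days after grant; call the reconnect API
// within the last 30 days before expiry.
function tokenState(grantedAtMs, nowMs) {
  const expiresAt = grantedAtMs + 180 * DAY_MS;
  if (nowMs >= expiresAt) return 'expired';
  if (nowMs >= expiresAt - 30 * DAY_MS) return 'reconnect';
  return 'ok';
}

// Constructed sample values, run server-side only.
function demoStore() {
  const key = loadKey(crypto.randomBytes(32).toString('base64'));
  const record = {
    accessToken: 'constructed-access-token',
    accessTokenSecret: 'constructed-access-token-secret',
    grantedAtMs: 0,
  };
  const sealed = sealToken(key, 'company-1234', record);
  const opened = openToken(key, 'company-1234', sealed);
  return { sealed, opened, state: tokenState(opened.grantedAtMs, 160 * DAY_MS) };
}

console.log(demoStore().state);
```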