Quickbooks Connecting Seller API Credentials using Client ID/Client Secret -- any other method?

Question

I'm using Quickbooks API and I'm trying to connect a sellers quickbook with the API. To do this, it currently says we need to pass the sellers Client API Key/Secret. Here's my current code:

$dataService = DataService::Configure(array(
    'auth_mode' => 'oauth2',
    'ClientID' => $request->client_id,
    'ClientSecret' => $request->client_id,
    'RedirectURI' => 'redirecturi',
    'scope' => "com.intuit.quickbooks.accounting",
    'baseUrl' => 'https://sandbox-quickbooks.api.intuit.com'
));

My concern is this is lengthy to have our clients input a client id and secret key. I doubt any of my clients would know how to single handly figure that out. Is there a way to connect a sellers quickbook with the api using the email address connected to the api (or something equally similar)

Answer 1

The direct answer to this question:

Is there a way to connect a sellers quickbook with the api using the email address connected to the api (or something equally similar)

Is no. To connect QuickBooks a Client ID and Client Secret (and realistically an encryption key, OAuth redirect URI, EULA website, and registration process with Intuit) are all required.

But the way you ask the question makes me think you may misunderstand how the connection to QuickBooks (and OAuth in general) works. So, read on.

Generally, QuickBooks integrations fall into one of the following categories:

1. The company hosting the app is the same as the company connecting QuickBooks

e.g. you are a consultant who built a custom QuickBooks integration for your client, so they can connect their own backend/app to their own QuickBooks.

In this case, you should walk your client through creating an "app" on https://developer.intuit.com and getting the Client ID and Client Secret.

They only have to do this once.

They will then go through the OAuth connection process once and only once and your program will store the access and refresh tokens. You use the stored tokens to authenticate to the APIs going forward.

2. If you host your own app and want to let your customers connect their QuickBooks (e.g. a SaaS app):

If you're the developer of a SaaS app, then you should be registering with https://developer.intuit.com

You then keep the Client ID and Client Secret secret to yourself. When your customers want to connect their QuickBooks to your app, you provide a button so that they can go through the OAuth flow to connect once and exactly once. All of your customers will use the same Client ID and Client Secret, but for each QuickBooks account that gets connected you'll get a distinct pair of access and refresh tokens.

Store those tokens, and use those tokens to authenticate to each customer's QuickBooks Online accounts going forward.

Do not let your customers provide their own Client ID and Client Secret. You own the app, so you own the Client ID and Client Secret as well, and need to keep those securely stored in your app.

3. You build a plugin/app of some sort, which your customers host themselves and will connect their own QuickBooks to:

e.g. you develop a WordPress plugin to connect QuickBooks to WordPress, and you want to allow people to download your .php code, host it on their own website, and connect their own QuickBooks.

This is the scenario that is really ugly, and there isn't a great workflow for.

In this case, each person you sell your app/plugin to needs to register their own app on https://developer.intuit.com

They will need to get their own Client ID and Client Secret, and securely store those on their server.

The person will go through the OAuth flow once and only once, and Intuit will give them back the access and refresh tokens and your plugin should store those securely and use those to authenticate to the APIs going forward.