Skip to content

QuickBooks API Key

Service Name: QuickBooks

Service Description: QuickBooks is a comprehensive accounting software developed by Intuit that offers financial management solutions for small to medium-sized businesses, including invoicing, expense tracking, payroll, and tax filing capabilities.

Service Address: https://quickbooks.intuit.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the app level in the Intuit Developer Dashboard.

Secret Access Scope: Grants programmatic access to QuickBooks data and functionality, allowing applications to interact with financial records, customer information, invoices, and other accounting data.

Secret Revokement URL: https://developer.intuit.com/app/developer/dashboard

Secret Example: e9IxoUiRnUBCJcwKwGGvfGgTmUxRSPfQZmgJ

Suspicious Activity Investigation Instructions:

  • Review the access logs in the Intuit Developer Dashboard for unusual API calls or access patterns.
  • Check for unauthorized data exports or modifications to financial records.
  • Monitor for unexpected changes to customer information or accounting data.
  • Verify if the API key has been used from unusual geographic locations or IP addresses.
  • Review application permissions to ensure they align with expected functionality.

Mitigation Instructions:

  • Log in to the Intuit Developer Dashboard at https://developer.intuit.com/app/developer/dashboard
  • Navigate to your application settings.
  • Locate the compromised API key and select "Revoke" or "Delete".
  • Generate a new API key with appropriate permissions.
  • Update your application with the new API key.
  • Consider implementing additional security measures such as IP restrictions.
  • Review and adjust the OAuth scopes to limit access to only necessary QuickBooks data.
  • Enable webhook notifications for critical data changes to monitor for suspicious activity.