Skip to content

QuickBooks API Secret

Service Name: QuickBooks (Intuit)

Service Description: QuickBooks is a comprehensive accounting software developed by Intuit that offers financial management solutions for small to medium-sized businesses, including invoicing, expense tracking, payroll, and tax filing capabilities.

Service Address: https://developer.intuit.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the Intuit Developer Portal under app settings.

Secret Access Scope: Grants programmatic access to QuickBooks financial data, including customer information, invoices, payments, expenses, and accounting records.

Secret Revokement URL: https://developer.intuit.com/app/developer/dashboard

Secret Example: e9Nf4R2cBmT6vZ8xK3sL1pQ7yU0jD5hG

Suspicious Activity Investigation Instructions:

  • Review the OAuth token usage logs in the Intuit Developer Dashboard.
  • Check for unusual API calls or data access patterns in the QuickBooks activity log.
  • Monitor for unexpected changes to financial records or customer data.
  • Verify if there are any unauthorized app connections to your QuickBooks account.
  • Review recent changes to permissions or scopes granted to applications.

Mitigation Instructions:

  • Log in to the Intuit Developer Dashboard at https://developer.intuit.com/app/developer/dashboard
  • Navigate to your app settings.
  • Locate and revoke the compromised client secret.
  • Generate a new client secret for your application.
  • Update your application code with the new client secret.
  • Review and potentially reduce the OAuth scopes granted to your application.
  • Enable additional security features like IP restrictions if available.
  • Consider implementing webhook notifications for sensitive data changes.