Skip to content

QuickBooks Refresh Token

Service Name: QuickBooks

Service Description: QuickBooks is a comprehensive accounting software developed by Intuit that offers financial management solutions for small to medium-sized businesses, including invoicing, expense tracking, payroll, and tax filing capabilities.

Service Address: https://quickbooks.intuit.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Intuit's security settings

Secret Access Scope: Grants programmatic access to QuickBooks data and functionality through the QuickBooks API, allowing applications to access financial data, create transactions, manage customers and vendors, and perform other accounting operations.

Secret Revokement URL: https://developer.intuit.com/app/developer/qbo/docs/develop/authentication-and-authorization/oauth-2.0#revoke-token

Secret Example: AB11570516767Qd9tdKqRGMfYrOxUzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890

Suspicious Activity Investigation Instructions:

  • Review the QuickBooks activity log for unauthorized access or unusual transactions
  • Check for unknown or suspicious third-party app connections in your QuickBooks account
  • Monitor for unexpected data exports or changes to financial records
  • Verify recent API calls made using the refresh token through Intuit's developer dashboard
  • Review IP addresses that have accessed your QuickBooks account for unfamiliar locations

Mitigation Instructions:

  • Immediately revoke the compromised refresh token through the Intuit Developer Dashboard
  • Navigate to your app's OAuth settings and click "Revoke" next to the affected token
  • Generate a new refresh token for legitimate applications that need access
  • Update your Intuit account password and enable two-factor authentication
  • Review and update application permissions to ensure they have only necessary access
  • Consider implementing IP restrictions for API access if available for your account type
  • Monitor account activity for any signs of continued unauthorized access