Understanding QuickBooks Online API Access
- Familiarize yourself with the QuickBooks Online API documentation. It provides detailed information on endpoints, authentication, and limits.
- You typically interact with QuickBooks Online API using OAuth 2.0 for authentication, and RESTful HTTP requests because of its stateless server to client communication.
Set Up Your PHP Environment
- Ensure you have PHP installed with necessary extensions like `cURL` and `OpenSSL` for HTTPS requests.
- Install a library to handle OAuth 2.0 authentication. One popular choice is `thephpleague/oauth2-client`.
composer require league/oauth2-client
Create Your OAuth 2.0 Client
- Create a PHP script where you'll define your OAuth 2.0 client’s credentials including client ID, client secret, redirect URI, and authorization URLs.
require 'vendor/autoload.php';
use League\OAuth2\Client\Provider\GenericProvider;
$provider = new GenericProvider([
'clientId' => 'YOUR_CLIENT_ID',
'clientSecret' => 'YOUR_CLIENT_SECRET',
'redirectUri' => 'YOUR_REDIRECT_URI',
'urlAuthorize' => 'https://appcenter.intuit.com/connect/oauth2',
'urlAccessToken' => 'https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer',
'urlResourceOwnerDetails' => 'https://sandbox-quickbooks.api.intuit.com/v3/company'
]);
Authenticate and Obtain Access Token
- Direct the user to the QuickBooks Online authorization page, which will redirect back with an authorization code after user consent.
- Exchange the authorization code for an access token that grants API access.
session_start();
// Redirect to QuickBooks Online Authorization URL
if (!isset($_GET['code'])) {
$authorizationUrl = $provider->getAuthorizationUrl();
$_SESSION['oauth2state'] = $provider->getState();
header('Location: ' . $authorizationUrl);
exit;
}
// Check given state against previously stored one to mitigate CSRF attack
elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {
unset($_SESSION['oauth2state']);
exit('Invalid state');
}
// Get an access token using the authorization code grant
try {
$accessToken = $provider->getAccessToken('authorization_code', [
'code' => $_GET['code']
]);
} catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {
exit($e->getMessage());
}
Make API Requests
- Now with access token, you can make authenticated API requests to QuickBooks Online API endpoints to fetch or update data.
- Use `cURL` or a suitable library for HTTP requests in PHP, making sure you pass your access token in the authorization header.
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://sandbox-quickbooks.api.intuit.com/v3/company/YOUR_COMPANY_ID/query?query=SELECT%20*%20FROM%20Customer",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => [
"Authorization: Bearer {$accessToken->getToken()}",
"Accept: application/json"
],
]);
$response = curl_exec($curl);
curl_close($curl);
$data = json_decode($response, true);
print_r($data);
