Setup

Owned by Development
Last updated: Nov 22, 2024
7 min read

Make sure the QBO plan is a Plus or Advanced. These plans support applications for integration.

  1. To setup Smart Advocate Accounting Integration with QuickBooks Online needs to provide ClientID, ClientSecret and WebHook Verifier Token. This information must be obtained on the Intuit Developer page: https://developer.intuit.com/

  2. Sign in at https://developer.intuit.com as a client.

  3. Open My Hub in right top corner of the page and click on App Dashboard or Workspaces

    image-20241122-153346.png

  4. If you clicked Workspaces, then create a new one.

  1. Then add info about your company:

 

 

  1. then contact info:

 

 

 

  1. Then Create an app (“+” button) and give a name for the app.

  1. on the next page select a accounting scope for the application you are creating:

  1. In the  Production Settings section, in Keys & credentials menu item, the list of requirements of the conditions that must be complete:

 

 

  1. In the Add your app's end-user license agreement and privacy policy menu item set this URL’s:

End User License Agreement Url: https://www.smartadvocate.com/terms-of-service/

Privacy Policy Url: https://www.smartadvocate.com/privacy-policy/

  1. Add the App URLs on the next step.

Host Domain: app.smartadvocate.com

Launch URL: https://app.smartadvocate.com/SA

Disconnect URL: https://app.smartadvocate.com/SA/AccountingIntegration.aspx?disconnect=true

  1. select your app's main use cases in the Categorize your app.

 

 

  1. Specify  the industries in which the application is used in Tell us about regulated industries that use your app section.

 

 

  1. Select where the app is hosted.

 

  1. Complete the app assessment questionnaire on the Compliance tab.

 

Q&A of app assessment questionnaire

General Questions

  1. Has your company ever received any complaints, lawsuits, or investigative requests from regulatory authorities or government agencies?

    • No

  2. Have you worked with legal counsel to understand any regulatory requirements or other considerations related to your business activities and use of user data?

    • Yes

  3. Have you reviewed and confirmed that you will comply with the security policies found here?

    • Yes, I confirm that my app will comply with the security policies found above.

  4. Have you reviewed and confirmed that you will comply with the Supplier Code of Conduct found here?

    •    Yes, I confirm that my app will comply with the Supplier Code of Conduct found above.

  5. Apps that use Intuit APIs (whether public or private) need to be relevant and clearly related to QuickBooks, accounting, payments, workflows, finance, and other acceptable uses.  Is your app designed for either of the following:·  To enhance, streamline, or improve yours or others’ QuickBooks experience· To facilitate a business process (e.g. syncing QBO data to another service)

    •   Yes

  6. Are you or any of your representatives (including owners, affiliated parties, associated parties or any beneficiaries):

· (i) on any sanctions lists in the countries available in the app store or

· (ii) located or doing business in jurisdictions subject to comprehensive embargoes or comprehensive sanctions, as relevant under applicable law, including Cuba, Iran, North Korea, Syria and the regions of Crimea, Zaporizhzhia and Kherson, the Donetsk People’s Republic (“DNR”) and Luhansk People’s republic (“LNR”), in Ukraine, and Russia?

o    No

  1. Does your application involve any generative AI functionality, including but not limited to ChatGPT, GPT-3 or 4, Google’s Gemini, conversational chatbots, etc.?

o    No

 

App Information

  1. Which of the following is true about your app (at least one option must be checked):

    • You built your app from scratch and wrote the code that lets it interact with Intuit APIs and data

  2. What platform(s) does your app utilize and make API calls from? (Select all that apply)

    • Web/SaaS

    • Web/Browser

  3. How does your app interact with Intuit product data? (Select all that apply)

    • it reads data from Intuit product(s)

    • It writes data to Intuit product(s) (including Charge/ECheck transactions for payment processing)

  4. Are you building a private app for your team or business? Or, do you plan to make it publicly available?

    • Select a private app.

  5. Which types of QuickBooks Online users can use your app?

    • Any user of the QuickBooks Online company

  6. Does your app integrate with platforms other than Intuit?

    • No

Authorization and Authentication

  1. Have you tested connecting, disconnecting, and reconnecting your app with a sandbox or non-production company?

    • Yes

  2. How often does your app refresh access tokens?

    • Only when access tokens expire

  3. Does your app retry authorization and authentication requests that have failed?

    • Yes

  4. If your app encounters an authorization and authentication error, do you ask customers to reconnect to your app?

    • No

  5. Did you use the Intuit discovery document to get the latest endpoints required in the OAuth2.0 flow?

    • Yes

  6. Can your app handle the following scenarios (yes/no):

    1. Errors due to expired access tokens

      • Yes

    2. Errors due to expired refresh tokens

      • Yes

    3. Invalid grant errors

      • Yes

    4. CSRF errors

      • Yes

  7. Does your app rely on the OAuth playground or other offline tools to get access or refresh tokens tokens?

    • Yes

API Usage

  1. Which of the broad API categories does your app use? (multiple choice)

    • Accounting API

  2. How often does your app call our APIs for each customer? (multiple choice)

    • Daily

Accounting API (skip it you you don’t see this question)

  1. Which customer-facing version of QuickBooks Online is your app designed for? (Select all that apply)

    • Plus

    • Advanced

  2. Users often change versions of QuickBooks Online. This means they may get access to new features, or lose certain features, at any time. Can your app handle situations where users gain or lose access to version-specific features?

    • No

  3. Does your app utilize any of the following features ? (Select all that you've verified and thoroughly tested)

    • None of the above

  4. Do you use webhooks for your app?

    • Yes

  5. Is the endpoint URL active and functional?

    • Yes

  6. Do you use the CDC operation for your app?

    • Yes

Why do you use the CDC operation?

Using webhooks doesn't give me the information I need

How often do you poll the CDC service?

More than once an hour

Error Handling

  1. Have you tested if your app can handle API errors, including syntax and validation errors?

    • Yes

  2. Does your app capture the value of the intuit_tid field from response headers? Tip: We recommend you capture this field. It will help our support team quickly identify issues when troubleshooting.

    • Yes

  3. Does your app have a mechanism for storing all error information in logs that can be shared for troubleshooting purposes, if required? Tip: We recommend you maintain logs. It will help our support team quickly identify issues when troubleshooting.

    • Yes

  4. Do you provide a way for customers to contact you for support from within your app?

    • Yes

  5. How?

    • SmartAdvocate customer support  web portal and phone call.

Security

  1. Has your company ever had a security breach that required notification to customers or government agencies/authorities?

    • No

  2. Do you have a security team that regularly assesses vulnerabilities and risks for your app?

    • Yes

  3. Are the client ID and client secret for your app stored securely (i.e. not hardcoded within your app or displayed in browser console logs)?

    • Yes

  4. Does your app use multi-factor authentication?

    • Yes

  5. Does your app use Captcha for authentication?

    • No

  6. Does your app use WebSocket?

    • No

  7. Once a customer's Intuit data is in your system, do you allow it to be used by or shown to anyone other than that customer?

    • No, all Intuit customer data processed by our app is only used for the benefit of the original customer

 

 

  1. After review by the QuickBooks Online team (about a few hours) in the Production Settings section, in App assessment questionnaire menu item, the status of the submission will change:

17. After app approval you can see Client ID and Client Secret from production settings. Please provide it to SmartAdvocate team.

 

  1. Add this URL to RedirectURL’s tab:

https://app.smartadvocate.com/SA/AccountingIntegration.aspx

  1. Also please check if United States is selected in Accepted Connections

 

 

Visit smartadvocate.com/support for other help options including how to access our Support Tracker and Daily Office Hours sessions.