Resources/The Agent API Atlas/Finance/QuickBooks

Everything an AI agent can do with the QuickBooks API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints32

API versionv3

Last updated23 June 2026

Orientation

How the QuickBooks API works.

The QuickBooks API is how an app or AI agent works with a QuickBooks company's books: creating an invoice, recording a payment, adding a customer or vendor, and querying bills and accounts. Access is granted through an OAuth token tied to one connected company, and a single accounting permission grants that token full read and write access to every accounting record, with no per-record scope. A change to a record can emit an event that QuickBooks delivers to a registered endpoint.

32Endpoints

8Capability groups

14Read

18Write

1Permissions

Authentication

QuickBooks authenticates with OAuth 2.0. A user connects a company and consents, and the app receives a short-lived access token and a longer-lived refresh token tied to that company's realmId, which also identifies the company in every request path. The access token is refreshed with the refresh token, and OpenID Connect can sign the user in alongside data access.

Permissions

Access is coarse. A single OAuth scope, com.intuit.quickbooks.accounting, grants the token full read and write access to every accounting entity in the connected company; there is no per-entity or read-only accounting scope. Charging cards through QuickBooks Payments is a separate product with its own com.intuit.quickbooks.payment scope. Because the accounting scope is all-or-nothing, narrowing what an agent can actually do has to happen outside the token.

Versioning

The API is version 3, and Intuit ships dated, numbered minor versions on top of it rather than minting new major versions. An app pins a minor version with the minorversion query parameter on each request, so a later minor version does not change a response unexpectedly. Leaving it off uses the oldest supported minor version.

Data model

QuickBooks is entity-oriented JSON under /v3/company/{realmId}. Each entity, like Customer, Invoice, Item, Payment, Bill, Vendor, and Account, is created and read at its own path, while reads across records run through one shared /query endpoint with a SQL-like statement. An update posts the full object with its current SyncToken, transaction entities are deleted with a POST carrying operation=delete, and a change can emit a webhook event.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to QuickBooks determines what it can reach. There is a route for making calls, a route for receiving events, and a first-party server that exposes QuickBooks tools to agents, and each is governed by the token behind it and the company it is connected to.

Ways to connect

REST API

The Accounting API answers at https://quickbooks.api.intuit.com (and https://sandbox-quickbooks.api.intuit.com for sandbox), under /v3/company/{realmId}. The realmId identifies the connected QuickBooks company. A request takes and returns JSON, pins a numbered minor version with the minorversion query parameter, and runs reads either by id or through the shared /query endpoint.

Best forConnecting an app or AI agent to QuickBooks.

Governed byThe OAuth token and the company it is connected to.

Docs ↗

Webhooks

QuickBooks POSTs an event notification to an HTTPS endpoint registered in the developer portal when records change in a connected company. The payload names the entity, the operation (Create, Update, Delete), and the company, but not the changed data, so an integration fetches the record afterward. An intuit-signature header, verified against the app's verifier token, confirms the request came from Intuit.

Best forReceiving QuickBooks change events at an app or AI agent.

Governed byThe verifier token on the app.

Docs ↗

MCP server (early preview)

Intuit publishes a first-party Model Context Protocol server at github.com/intuit/quickbooks-online-mcp-server. It is an early preview that runs locally as a stdio subprocess, authenticates to a company with OAuth 2.0, and exposes QuickBooks entities and reports as callable tools, with environment variables to disable write, update, or delete tools.

Best forConnecting an AI agent to QuickBooks through MCP.

Governed byThe OAuth grant and the company it is connected to.

Docs ↗

Authentication

OAuth 2.0 (authorization code)

QuickBooks uses the OAuth 2.0 authorization-code flow. A user connects a company and consents, and the app receives an access token plus a refresh token tied to that company's realmId. The access token is short-lived and refreshed with the refresh token. There is no per-entity scope: the accounting scope grants the token full read and write access to every accounting entity in the connected company.

TokenOAuth 2.0 bearer access token (with refresh token)

Best forConnecting an app or AI agent to a QuickBooks company.

Docs ↗

OpenID Connect (sign-in)

On top of OAuth 2.0, QuickBooks supports OpenID Connect for signing a user in with their Intuit account. The openid, profile, email, phone, and address scopes return identity details about the user, separate from the accounting scope that grants data access.

TokenOpenID Connect ID token

Best forSigning a user in with Intuit, alongside data access.

Docs ↗

Capability map

What an AI agent can do in QuickBooks.

The QuickBooks API is split into the accounting records an agent can act on, like customers, invoices, items, payments, bills, vendors, and accounts. Each is created, read, updated, and queried through its own methods, and a write changes the company's books.

Customers

4 endpoints

Create, read, update, and query the customers a company invoices.

A write here changes real customer records.

View endpoints →

Invoices

6 endpoints

Create, read, update, delete, send, and query sales invoices.

A write here changes real invoice records.

View endpoints →

Items

4 endpoints

Create, read, update, and query the products and services on a sale.

A write here changes real item records.

View endpoints →

Payments

4 endpoints

Create, read, update, delete, and query payments received against invoices.

A write here changes real payment records.

View endpoints →

Bills

4 endpoints

Create, read, update, delete, and query bills owed to vendors.

A write here changes real bill records.

View endpoints →

Vendors

4 endpoints

Create, read, update, and query the vendors a company buys from.

A write here changes real vendor records.

View endpoints →

Accounts

4 endpoints

Create, read, update, and query the chart-of-accounts ledgers.

A write here changes the chart of accounts.

View endpoints →

Company & query

2 endpoints

Read company information and run SQL-like queries across entities.

A write here changes real company records.

View endpoints →

Endpoint reference

Every QuickBooks API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Customers Create, read, update, and query the customers a company invoices.4
POST	`/v3/company/{realmId}/customer`	Create a customer.	write	`accounting`	Current
Granted by the single com.intuit.quickbooks.accounting scope, which covers all accounting entities; there is no per-entity scope. Acts onCustomer Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`customer.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/company/{realmId}/customer/{customerId}`	Read a single customer by id.	read	`accounting`	Current
Granted by com.intuit.quickbooks.accounting; the same scope covers reads and writes. Acts onCustomer Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/company/{realmId}/customer`	Update a customer, posting the full object with its current SyncToken (a sparse update is also supported).	write	`accounting`	Current
An update posts to the entity path, not an id path; the SyncToken must match the current version or the call is rejected. Acts onCustomer Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`customer.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/company/{realmId}/query`	Query customers with a SQL-like statement, like select * from Customer.	read	`accounting`	Current
All queries run through the shared /query endpoint; the entity is named in the statement. Acts onCustomer Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Invoices Create, read, update, delete, send, and query sales invoices.6
POST	`/v3/company/{realmId}/invoice`	Create an invoice.	write	`accounting`	Current
Granted by com.intuit.quickbooks.accounting. Acts onInvoice Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`invoice.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/company/{realmId}/invoice/{invoiceId}`	Read a single invoice by id.	read	`accounting`	Current
Granted by com.intuit.quickbooks.accounting. Acts onInvoice Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/company/{realmId}/invoice`	Update an invoice, posting the full object with its current SyncToken (a sparse update is also supported).	write	`accounting`	Current
A full update replaces the object; the SyncToken must match the current version. Acts onInvoice Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`invoice.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/company/{realmId}/invoice?operation=delete`	Delete an invoice, posting its id and SyncToken with operation=delete.	write	`accounting`	Current
Transaction entities like invoices are deleted through a POST with operation=delete, not an HTTP DELETE. Acts onInvoice Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`invoice.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/company/{realmId}/invoice/{invoiceId}/send`	Email an invoice as a PDF to the customer.	write	`accounting`	Current
Sends to the address on the invoice, or to a sendTo address passed as a query parameter. Acts onInvoice Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`invoice.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/company/{realmId}/query`	Query invoices with a SQL-like statement, like select * from Invoice.	read	`accounting`	Current
Runs through the shared /query endpoint. Acts onInvoice Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Items Create, read, update, and query the products and services on a sale.4
POST	`/v3/company/{realmId}/item`	Create an item, a product or service that can appear on a sale.	write	`accounting`	Current
Granted by com.intuit.quickbooks.accounting. Acts onItem Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`item.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/company/{realmId}/item/{itemId}`	Read a single item by id.	read	`accounting`	Current
Granted by com.intuit.quickbooks.accounting. Acts onItem Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/company/{realmId}/item`	Update an item, posting the full object with its current SyncToken (a sparse update is also supported).	write	`accounting`	Current
The SyncToken must match the current version. Acts onItem Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`item.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/company/{realmId}/query`	Query items with a SQL-like statement, like select * from Item.	read	`accounting`	Current
Runs through the shared /query endpoint. Acts onItem Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Payments Create, read, update, delete, and query payments received against invoices.4
POST	`/v3/company/{realmId}/payment`	Create a payment, recording money received and applying it to invoices.	write	`accounting`	Current
This is accounting data; recording a received payment differs from charging a card, which needs the separate com.intuit.quickbooks.payment scope. Acts onPayment Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`payment.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/company/{realmId}/payment/{paymentId}`	Read a single payment by id.	read	`accounting`	Current
Granted by com.intuit.quickbooks.accounting. Acts onPayment Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/company/{realmId}/payment`	Update a payment, posting the full object with its current SyncToken (a sparse update is also supported).	write	`accounting`	Current
The SyncToken must match the current version. Acts onPayment Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`payment.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/company/{realmId}/payment?operation=delete`	Delete a payment, posting its id and SyncToken with operation=delete.	write	`accounting`	Current
Transaction entities are deleted through a POST with operation=delete. Acts onPayment Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`payment.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
Bills Create, read, update, delete, and query bills owed to vendors.4
POST	`/v3/company/{realmId}/bill`	Create a bill, an amount owed to a vendor.	write	`accounting`	Current
Granted by com.intuit.quickbooks.accounting. Acts onBill Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`bill.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/company/{realmId}/bill/{billId}`	Read a single bill by id.	read	`accounting`	Current
Granted by com.intuit.quickbooks.accounting. Acts onBill Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/company/{realmId}/bill`	Update a bill, posting the full object with its current SyncToken (a sparse update is also supported).	write	`accounting`	Current
The SyncToken must match the current version. Acts onBill Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`bill.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/company/{realmId}/bill?operation=delete`	Delete a bill, posting its id and SyncToken with operation=delete.	write	`accounting`	Current
Transaction entities are deleted through a POST with operation=delete. Acts onBill Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`bill.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
Vendors Create, read, update, and query the vendors a company buys from.4
POST	`/v3/company/{realmId}/vendor`	Create a vendor.	write	`accounting`	Current
Granted by com.intuit.quickbooks.accounting. Acts onVendor Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`vendor.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/company/{realmId}/vendor/{vendorId}`	Read a single vendor by id.	read	`accounting`	Current
Granted by com.intuit.quickbooks.accounting. Acts onVendor Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/company/{realmId}/vendor`	Update a vendor, posting the full object with its current SyncToken (a sparse update is also supported).	write	`accounting`	Current
The SyncToken must match the current version. Acts onVendor Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`vendor.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/company/{realmId}/query`	Query vendors with a SQL-like statement, like select * from Vendor.	read	`accounting`	Current
Runs through the shared /query endpoint. Acts onVendor Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Accounts Create, read, update, and query the chart-of-accounts ledgers.4
POST	`/v3/company/{realmId}/account`	Create an account in the chart of accounts.	write	`accounting`	Current
Granted by com.intuit.quickbooks.accounting. Acts onAccount Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`account.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/company/{realmId}/account/{accountId}`	Read a single account by id.	read	`accounting`	Current
Granted by com.intuit.quickbooks.accounting. Acts onAccount Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v3/company/{realmId}/account`	Update an account, posting the full object with its current SyncToken (a sparse update is also supported).	write	`accounting`	Current
Accounts cannot be deleted through the API; they are made inactive with an update instead. Acts onAccount Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook event`account.changed` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/company/{realmId}/query`	Query accounts with a SQL-like statement, like select * from Account.	read	`accounting`	Current
Runs through the shared /query endpoint. Acts onAccount Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Company & query Read company information and run SQL-like queries across entities.2
GET	`/v3/company/{realmId}/companyinfo/{realmId}`	Read the company's information, like its name, address, and fiscal-year settings.	read	`accounting`	Current
A common first call to confirm the connection and read company settings. Acts onCompanyInfo Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v3/company/{realmId}/query`	Run a SQL-like query across any supported entity, with where, orderby, and maxresults clauses.	read	`accounting`	Current
One endpoint serves every entity; the query statement names the entity and returns at most 1,000 rows per page. Acts onQuery Permission (capability)`accounting` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

QuickBooks can notify an app when a record changes in a connected company, like an invoice being created or a customer being updated. It sends an event that names the entity, the operation, and the company, so an integration fetches the changed record rather than polling.

Event	What it signals	Triggered by
`Customer (Create, Update, Delete)`	Fires when a customer is created, updated, or merged in a connected company.	`/v3/company/{realmId}/customer` `/v3/company/{realmId}/customer`
`Invoice (Create, Update, Delete)`	Fires when an invoice is created, updated, sent, or deleted in a connected company.	`/v3/company/{realmId}/invoice` `/v3/company/{realmId}/invoice` `/v3/company/{realmId}/invoice?operation=delete` `/v3/company/{realmId}/invoice/{invoiceId}/send`
`Item (Create, Update, Delete)`	Fires when an item, a product or service, is created or updated in a connected company.	`/v3/company/{realmId}/item` `/v3/company/{realmId}/item`
`Payment (Create, Update, Delete)`	Fires when a payment is created, updated, or deleted in a connected company.	`/v3/company/{realmId}/payment` `/v3/company/{realmId}/payment` `/v3/company/{realmId}/payment?operation=delete`
`Bill (Create, Update, Delete)`	Fires when a bill is created, updated, or deleted in a connected company.	`/v3/company/{realmId}/bill` `/v3/company/{realmId}/bill` `/v3/company/{realmId}/bill?operation=delete`
`Vendor (Create, Update, Delete)`	Fires when a vendor is created or updated in a connected company.	`/v3/company/{realmId}/vendor` `/v3/company/{realmId}/vendor`
`Account (Create, Update, Delete)`	Fires when an account in the chart of accounts is created or updated in a connected company.	`/v3/company/{realmId}/account` `/v3/company/{realmId}/account`

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

QuickBooks limits how fast an app can call, by a request rate measured per minute for each connected company and by a separate limit on how many requests run at once.

Request rate

QuickBooks throttles each connected company separately, identified by its realmId. The Accounting API allows up to 500 requests per minute per company, with at most 10 requests running at once for the app. The batch endpoint, which bundles several operations into one call, has its own lower per-minute limit. Going over returns HTTP 429, the point to back off and retry with exponential backoff and jitter.

Pagination

Queries run through the shared /query endpoint and page with the STARTPOSITION and MAXRESULTS clauses in the query statement, where MAXRESULTS tops out at 1,000 rows per page. There are no cursors; an integration advances STARTPOSITION to walk through the results.

Request size

A single query returns at most 1,000 rows. The batch endpoint accepts at most 30 operations per request. An app should pin the API version with the minorversion query parameter so a later minor version does not change a response unexpectedly.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
400	`ValidationFault`	The request was understood but a value is invalid or a business rule failed, like a missing required field, an unsupported character, or a stale SyncToken. The Fault element carries an Error with a code, a Message, and a Detail.	Read the Error code and Detail, fix the named field, and resend. The request is not retryable as-is.
401	`AuthenticationFault`	The access token is missing, expired, or invalid.	Refresh the access token with the refresh token, or reconnect the company if the refresh token has expired.
403	`AuthorizationFault`	The token is valid but not allowed for this request, for example the connected company lacks the accounting scope, or the app lacks access to the feature.	Confirm the app requested the com.intuit.quickbooks.accounting scope and that the company was connected with it.
429	`ThrottleExceeded`	The per-minute request rate or the concurrent-request limit for the company was exceeded.	Back off and retry with exponential backoff and jitter, and reduce how many requests run at once.
500	`SystemFault / ServiceFault`	An unexpected error on Intuit's side, which can also appear as 503 when the service is temporarily unavailable.	Retry with backoff, and contact Intuit support if it persists.

Versioning & freshness

Version history.

QuickBooks keeps one API version, version 3, and ships dated, numbered minor versions on top of it that an app pins with a query parameter on each request.

Version history

What changed, and when

Latest versionv3

v3Current version

Accounting API version 3 with numbered minor versions

The QuickBooks Online Accounting API is version 3. Rather than minting new major versions, Intuit ships dated, numbered minor versions on top of v3 that add fields and behaviors, and an app pins one with the minorversion query parameter on each request. Leaving minorversion off now uses minor version 75, the default since older minor versions were retired.

What changed

Minor versions are additive and numbered, pinned per request with the minorversion query parameter.
Recent minor versions extend entity fields and query behavior; older minor versions are retired over time.

2025-10-31Feature update

Batch endpoint throttle in production

Intuit applied a dedicated, lower per-minute throttle to the batch endpoint in the production environment, separate from the per-company request rate. Calls to the batch endpoint that exceed this limit return HTTP 429.

What changed

Batch endpoint throttled per realm, separate from the 500-per-minute per-company request rate.
Exceeding the batch limit returns HTTP 429, the signal to back off.

2025-08-01Requires migration

Minor versions 1 to 74 deprecated, version 75 default

Intuit deprecated support for minor versions 1 through 74 of the Accounting API. From this date, requests that do not pin a newer minor version, or pin a deprecated one, default to minor version 75. Apps were asked to pin minorversion=75 and test against it.

What changed

Minor versions 1 through 74 deprecated.
Minor version 75 became the default for the Accounting API.
Requests should pin minorversion=75 explicitly.

2025-01-21Feature update

Accounting API changes announced

Intuit announced upcoming changes to the Accounting API that could impact existing applications, including the move toward minor version 75 and the retirement of older minor versions, giving integrators time to migrate.

What changed

Announced retirement of older minor versions ahead of the August 2025 cutover.
Guidance to migrate to and pin a current minor version.

Pin a minor version and move up on a schedule that suits the integration.

QuickBooks API minor versions ↗

Questions

QuickBooks API, answered.

Does QuickBooks have per-entity permissions, or is it one scope?+

It is essentially one scope. The com.intuit.quickbooks.accounting scope grants full read and write access to every accounting entity in the connected company, with no separate read-only or per-entity accounting scope. The only other accounting-side scope is com.intuit.quickbooks.payment, which is the separate QuickBooks Payments product for charging cards and ACH. Limiting an agent to, say, reading invoices but not deleting them has to be enforced outside the OAuth token.

What is a realmId and where does it go?+

A realmId is the unique id of a connected QuickBooks company, returned when the user authorizes the app. It goes in every request path, as /v3/company/{realmId}/..., so the call targets the right company. Rate limits are applied per realmId, so each connected company has its own quota.

How do I update or delete a record safely?+

Every entity carries a SyncToken that increases each time the record changes. An update posts the full object, or a sparse update, with the current SyncToken; if the token is stale the call is rejected, which prevents overwriting a newer change. Transaction entities like invoices, payments, and bills are deleted with a POST that carries operation=delete and the record's id and SyncToken, rather than an HTTP DELETE. Some name-list entities, like accounts, cannot be deleted and are made inactive instead.

How does the query endpoint work?+

Reads across records go through one shared endpoint, /v3/company/{realmId}/query, with a SQL-like statement such as select * from Invoice where TxnDate > '2026-01-01' orderby TxnDate. It supports where, orderby, STARTPOSITION, and MAXRESULTS, returns at most 1,000 rows per page, and an integration advances STARTPOSITION to page through results. The entity is named in the statement, not the path.

What are the rate limits?+

QuickBooks throttles each connected company separately. The Accounting API allows up to 500 requests per minute per company and at most 10 requests running at once for the app, and the batch endpoint has its own lower per-minute limit. Going over returns HTTP 429, the signal to back off and retry with exponential backoff and jitter.

How do I receive changes instead of polling?+

Webhooks deliver change events. An HTTPS endpoint is registered in the developer portal, and QuickBooks POSTs a notification naming the entity, the operation (Create, Update, Delete), and the company when a record changes. The payload does not include the changed data, so the integration fetches the record afterward, and an intuit-signature header verified against the app's verifier token confirms the request came from Intuit.

What is Bollard AI?

Control what every AI agent can do in QuickBooks.

Bollard AI sits between a team's AI agents and QuickBooks. Grant each agent exactly the access it needs, read or write, resource by resource, and every call is checked and logged.

Set read, write, or full access per agent, never a shared QuickBooks connection.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control QuickBooks access in Bollard Browse all APIs →

QuickBooks

Bookkeeping Agent

Read invoices ResourceOffReadFull use

Create bills ActionOffReadFull use

Customers ResourceOffReadFull use

Per-agent access, set in Bollard AI, not in QuickBooks

How the QuickBooks API works.

Connection & authentication methods.

REST API

Webhooks

MCP server (early preview)

OAuth 2.0 (authorization code)

OpenID Connect (sign-in)

What an AI agent can do in QuickBooks.

Customers

Invoices

Items

Payments

Bills

Vendors

Accounts

Company & query

Every QuickBooks API method.

Customers

Invoices

Items

Payments

Bills

Vendors

Accounts

Company & query

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

QuickBooks API, answered.

More finance API guides for agents

Stripe

FreshBooks

Chargebee

Razorpay

Recurly

Square

Control what every AI agent can do in QuickBooks.