Go back to the main page

Getting Started with QuickBooks Online Webhooks


Webhooks finally have landed.

You can start rewriting your CDC polling code now . Well maybe not. As a prerequisite for this tutorial you need to be able to start up the qbo_api example app. If you haven't done that, do it now and come back.

  1. Switch into your local qbo_api directory.
  2. Start up the example app
  3.   $ shotgun example/app.rb
  4. Go to your QuickBooks Online API app you created for your start up example and click on the "Settings" link.
  5. Make sure you are in the "Development" and NOT "Production" area.
  6. Go down to the "Webhooks" section. You will see that we need to submit a URL so Intuit can POST webhook requests to. The standard way to do this in development is to use ngrok.
  7. Download ngrok and put it in a auto-loaded path. e.g. /usr/local/bin/
  8. Fire up ngrok on port 9393.
  9.     $ ngrok http 9393
    Here is the output of the ngrok http 9393 command.
  10. Copy the https:// url that the ngrok generates.
  11. Next, go back to https://developer.intuit.com and put this URL with /webhooks added to the end of it.
    Add the ngrok URL plus /webhooks route in the app settings page.
  12. Enable "Estimate" events to receive webhooks and hit "Save".
  13. Now we are almost ready to test.
  14. Let's add the /webhooks route to the example app.
  15. Open up example/app.rb and add this post route.
    post '/webhooks' do
      data = request.body.read
      puts JSON.parse data
      verified = verify_webhook(data, env['HTTP_INTUIT_SIGNATURE'])
      puts "Verified: #{verified}"
  17. Next, let's add the verify_webhook method.
    helpers do
      def verify_webhook(data, hmac_header)
        digest  = OpenSSL::Digest.new('sha256')    
        calculated_hmac = Base64.encode64(OpenSSL::HMAC.digest(digest, VERIFIER_TOKEN, data)).strip    
        calculated_hmac == hmac_header
  19. You'll also need to require the openssl and base64 libraries.
  20. require 'openssl'
    require 'base64'
  21. You are going to need to add the VERIFIER_TOKEN variable.
  22. Go back Intuit Developer and copy the verifier token to your clipboard.
  23. This section is at the 7:47 mark.
    Copying the verifier token.
  24. Add the verifier token to the .env file like so:
  25. ...  
    export QBO_API_COMPANY_ID=1441111111
    export QBO_API_VERIFIER_TOKEN=[put here]
  26. Then in the example/app.rb put in this (below the CONSUMER_SECRET constant):
    This section is at the 10:10 mark.
  28. Open up your sandbox that was used when performing Spinning up an example app step.
  29. Copy this URL (https://sandbox.qbo.intuit.com/app/estimate?txn=100) and paste into the address bar after logging into the sandbox to go directly to Estimate 1001.
  30. Change the Status from "Pending" to "Accepted" and hit "Save".
  31. You don't have to fill out the Accepted Status date.
  32. Go back the console where example app is running and look for the incoming request.
  33. Look here for the incoming webhook request.
    In took about 15 seconds but it arrives!
  34. From this point you want to parse the JSON, putting the results into a queue for backend processing.


QuickBooks Online Webhooks support is going to radically simplify syncing user actions on QBO to your app. I am planning on perhaps 2 more webhooks tutorials so sign up for the newsletter below. Lastly, make sure you read Intuit's Best Practices section.