Sample code for 30+ languages & platforms
Delphi DLL

QuickBooks - Automatically Refresh Access Token with No User Interaction

See more QuickBooks Examples

Demonstrates how to automaticaly refresh an expired access token and retry the request after a 401 authorization error.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, CkDateTime, DtObj, OAuth2, Rest, JsonObject, StringBuilder;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
jsonToken: HCkJsonObject;
rest: HCkRest;
bAutoReconnect: Boolean;
sbAuth: HCkStringBuilder;
responseBody: PWideChar;
oauth2: HCkOAuth2;
sbJson: HCkStringBuilder;
json: HCkJsonObject;
dtime: HCkDateTime;
bLocalTime: Boolean;
dt: HCkDtObj;

begin
success := False;

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// Get our previously obtained OAuth2 access token, which should contain JSON like this:
// {
//   "expires_in": 3600,
//   "x_refresh_token_expires_in": 8726400,
//   "refresh_token": "L011546037639r ... 3vR2DrbOmg0Sdagw",
//   "access_token": "eyJlbmMiOiJBMTI4Q0 ... oETJEMbeggg",
//   "token_type": "bearer"
// }

jsonToken := CkJsonObject_Create();
success := CkJsonObject_LoadFile(jsonToken,'qa_data/tokens/qb-access-token.json');

rest := CkRest_Create();

// Connect using TLS.
// A single REST object, once connected, can be used for many Quickbooks REST API calls.
// The auto-reconnect indicates that if the already-established HTTPS connection is closed,
// then it will be automatically re-established as needed.
bAutoReconnect := True;
success := CkRest_Connect(rest,'sandbox-quickbooks.api.intuit.com',443,True,bAutoReconnect);
if (success = False) then
  begin
    Memo1.Lines.Add(CkRest__lastErrorText(rest));
    Exit;
  end;

sbAuth := CkStringBuilder_Create();
CkStringBuilder_Append(sbAuth,'Bearer ');
CkStringBuilder_Append(sbAuth,CkJsonObject__stringOf(jsonToken,'access_token'));
CkRest_putAuthorization(rest,CkStringBuilder__getAsString(sbAuth));

CkRest_AddHeader(rest,'Accept','application/json');
CkRest_putAllowHeaderFolding(rest,False);

// The company ID is 123146096291789
// The employee ID is 58
responseBody := CkRest__fullRequestNoBody(rest,'GET','/v3/company/123146096291789/employee/58?minorversion=45');
if (CkRest_getLastMethodSuccess(rest) = False) then
  begin
    Memo1.Lines.Add(CkRest__lastErrorText(rest));
    Exit;
  end;

// If we get a 401 authorization error, then it's likely because the access token expired.
// We can automatically refresh it without interaction from the user.
if (CkRest_getResponseStatusCode(rest) = 401) then
  begin

    oauth2 := CkOAuth2_Create();

    CkOAuth2_putTokenEndpoint(oauth2,'https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer');

    // Replace these with actual values.
    CkOAuth2_putClientId(oauth2,'QUICKBOOKS-CLIENT-ID');
    CkOAuth2_putClientSecret(oauth2,'QUICKBOOKS-CLIENT-SECRET');

    // Get the "refresh_token"
    CkOAuth2_putRefreshToken(oauth2,CkJsonObject__stringOf(jsonToken,'refresh_token'));

    // Send the HTTP POST to refresh the access token..
    success := CkOAuth2_RefreshAccessToken(oauth2);
    if (success = False) then
      begin
        Memo1.Lines.Add(CkOAuth2__lastErrorText(oauth2));
        Exit;
      end;

    Memo1.Lines.Add('New access token: ' + CkOAuth2__accessToken(oauth2));

    // Update the JSON with the new tokens.
    CkJsonObject_UpdateString(jsonToken,'access_token',CkOAuth2__accessToken(oauth2));

    // Save the new JSON access token response to a file.
    // The access + refresh tokens contained in this JSON will be needed for the next refresh.
    sbJson := CkStringBuilder_Create();
    CkJsonObject_putEmitCompact(jsonToken,False);
    CkJsonObject_EmitSb(jsonToken,sbJson);
    CkStringBuilder_WriteFile(sbJson,'qa_data/tokens/qb-access-token.json','utf-8',False);

    Memo1.Lines.Add('OAuth2 token refreshed!');
    Memo1.Lines.Add('New Access Token = ' + CkOAuth2__accessToken(oauth2));

    CkStringBuilder_Clear(sbAuth);
    CkStringBuilder_Append(sbAuth,'Bearer ');
    CkStringBuilder_Append(sbAuth,CkOAuth2__accessToken(oauth2));
    CkRest_putAuthorization(rest,CkStringBuilder__getAsString(sbAuth));

    // Now retry the request with the refreshed access token...
    responseBody := CkRest__fullRequestNoBody(rest,'GET','/v3/company/123146096291789/employee/58?minorversion=45');
    if (CkRest_getLastMethodSuccess(rest) = False) then
      begin
        Memo1.Lines.Add(CkRest__lastErrorText(rest));
        Exit;
      end;

  end;

// We should expect a 200 response if successful.
if (CkRest_getResponseStatusCode(rest) <> 200) then
  begin
    Memo1.Lines.Add('Request Header: ');
    Memo1.Lines.Add(CkRest__lastRequestHeader(rest));
    Memo1.Lines.Add('----');
    Memo1.Lines.Add('Response StatusCode = ' + IntToStr(CkRest_getResponseStatusCode(rest)));
    Memo1.Lines.Add('Response StatusLine: ' + CkRest__responseStatusText(rest));
    Memo1.Lines.Add('Response Header:');
    Memo1.Lines.Add(CkRest__responseHeader(rest));
    Memo1.Lines.Add(responseBody);
    Exit;
  end;

// Load the JSON response into a JSON object for parsing.
// A sample JSON response is shown below.
json := CkJsonObject_Create();
CkJsonObject_Load(json,responseBody);

// These will be used for parsing date/time strings..
dtime := CkDateTime_Create();
bLocalTime := True;

// Show the JSON.   
CkJsonObject_putEmitCompact(json,False);
Memo1.Lines.Add(CkJsonObject__emit(json));

// Get some information from the JSON..
Memo1.Lines.Add('Name: ' + CkJsonObject__stringOf(json,'Employee.DisplayName'));
Memo1.Lines.Add('Id: ' + CkJsonObject__stringOf(json,'Employee.Id'));
Memo1.Lines.Add('City: ' + CkJsonObject__stringOf(json,'Employee.PrimaryAddr.City'));
Memo1.Lines.Add('PostalCode: ' + CkJsonObject__stringOf(json,'Employee.PrimaryAddr.PostalCode'));

// Load the CreateTime into a CkDateTime...
CkDateTime_SetFromTimestamp(dtime,CkJsonObject__stringOf(json,'Employee.MetaData.CreateTime'));
dt := CkDtObj_Create();
CkDateTime_ToDtObj(dtime,bLocalTime,dt);

Memo1.Lines.Add(IntToStr(CkDtObj_getMonth(dt)) + '/' + IntToStr(CkDtObj_getDay(dt)) + '/' + IntToStr(CkDtObj_getYear(dt)) + '  '
     + IntToStr(CkDtObj_getHour(dt)) + ':' + IntToStr(CkDtObj_getMinute(dt)));

Memo1.Lines.Add('Success.');

// Use this online tool to generate parsing code from sample JSON: 
// Generate Parsing Code from JSON

// ------------------------------------------------------
// The JSON response looks like this:

// {
//   "Employee": {
//     "SSN": "XXX-XX-XXXX",
//     "PrimaryAddr": {
//       "Id": "116",
//       "Line1": "45 N. Elm Street",
//       "City": "Middlefield",
//       "CountrySubDivisionCode": "CA",
//       "PostalCode": "93242"
//     },
//     "BillableTime": false,
//     "domain": "QBO",
//     "sparse": false,
//     "Id": "98",
//     "SyncToken": "0",
//     "MetaData": {
//       "CreateTime": "2015-07-24T09:34:35-07:00",
//       "LastUpdatedTime": "2015-07-24T09:34:35-07:00"
//     },
//     "GivenName": "Bill",
//     "FamilyName": "Miller",
//     "DisplayName": "Bill Miller",
//     "PrintOnCheckName": "Bill Miller",
//     "Active": true,
//     "PrimaryPhone": {
//       "FreeFormNumber": "234-525-1234"
//     }
//   },
//   "time": "2015-07-24T09:35:54.805-07:00"
// 

CkJsonObject_Dispose(jsonToken);
CkRest_Dispose(rest);
CkStringBuilder_Dispose(sbAuth);
    CkOAuth2_Dispose(oauth2);
    CkStringBuilder_Dispose(sbJson);
CkJsonObject_Dispose(json);
CkDateTime_Dispose(dtime);
CkDtObj_Dispose(dt);

end;