Sample code for 30+ languages & platforms
Delphi DLL

Quickbooks OAuth1 Authorization (3-legged)

See more QuickBooks Examples

Demonstrates 3-legged OAuth1 authorization for Quickbooks.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Http, FileAccess, Hashtable, Socket, HttpResponse, OAuth2, StringBuilder, JsonObject, HttpRequest, Task;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
consumerKey: PWideChar;
consumerSecret: PWideChar;
requestTokenUrl: PWideChar;
authorizeUrl: PWideChar;
accessTokenUrl: PWideChar;
callbackUrl: PWideChar;
callbackLocalPort: Integer;
http: HCkHttp;
req: HCkHttpRequest;
resp: HCkHttpResponse;
hashTab1: HCkHashtable;
requestToken: PWideChar;
requestTokenSecret: PWideChar;
sbUrlForBrowser: HCkStringBuilder;
url: PWideChar;
listenSock: HCkSocket;
backLog: Integer;
sock: HCkSocket;
maxWaitMs: Integer;
task: HCkTask;
oauth2: HCkOAuth2;
startLine: PWideChar;
requestHeader: PWideChar;
sbResponseHtml: HCkStringBuilder;
sbResponse: HCkStringBuilder;
sbStartLine: HCkStringBuilder;
numReplacements: Integer;
authVerifier: PWideChar;
hashTab2: HCkHashtable;
accessToken: PWideChar;
accessTokenSecret: PWideChar;
json: HCkJsonObject;
realmId: PWideChar;
dataSource: PWideChar;
fac: HCkFileAccess;

begin
success := False;

consumerKey := 'QUICKBOOKS_CONSUMER_KEY';
consumerSecret := 'QUICKBOOKS_CONSUMER_SECRET';

requestTokenUrl := 'https://oauth.intuit.com/oauth/v1/get_request_token';
authorizeUrl := 'https://appcenter.intuit.com/Connect/Begin';
accessTokenUrl := 'https://oauth.intuit.com/oauth/v1/get_access_token';

// The port number is picked at random. It's some unused port that won't likely conflict with anything else..
callbackUrl := 'http://localhost:3017/';
callbackLocalPort := 3017;

// The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
http := CkHttp_Create();

CkHttp_putOAuth1(http,True);
CkHttp_putOAuthConsumerKey(http,consumerKey);
CkHttp_putOAuthConsumerSecret(http,consumerSecret);
CkHttp_putOAuthCallback(http,callbackUrl);

req := CkHttpRequest_Create();
CkHttpRequest_putHttpVerb(req,'POST');
CkHttpRequest_putContentType(req,'application/x-www-form-urlencoded');

resp := CkHttpResponse_Create();
success := CkHttp_HttpReq(http,requestTokenUrl,req,resp);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

if (CkHttpResponse_getStatusCode(resp) >= 400) then
  begin
    Memo1.Lines.Add('Error response status code = ' + IntToStr(CkHttpResponse_getStatusCode(resp)));
    Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));
    Exit;
  end;

// If successful, the resp.BodyStr contains this:  
// oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));

hashTab1 := CkHashtable_Create();
CkHashtable_AddQueryParams(hashTab1,CkHttpResponse__bodyStr(resp));

requestToken := CkHashtable__lookupStr(hashTab1,'oauth_token');
requestTokenSecret := CkHashtable__lookupStr(hashTab1,'oauth_token_secret');
CkHttp_putOAuthTokenSecret(http,requestTokenSecret);

Memo1.Lines.Add('oauth_token = ' + requestToken);
Memo1.Lines.Add('oauth_token_secret = ' + requestTokenSecret);

// ---------------------------------------------------------------------------
// The next step is to form a URL to send to the AuthorizeUrl
// This is an HTTP GET that we load into a popup browser.
sbUrlForBrowser := CkStringBuilder_Create();
CkStringBuilder_Append(sbUrlForBrowser,authorizeUrl);
CkStringBuilder_Append(sbUrlForBrowser,'?oauth_token=');
CkStringBuilder_Append(sbUrlForBrowser,requestToken);
url := CkStringBuilder__getAsString(sbUrlForBrowser);

// When the urlForBrowser is loaded into a browser, the response from Quickbooks will redirect back to localhost:3017
// We'll need to start a socket that is listening on port 3017 for the callback from the browser.
listenSock := CkSocket_Create();

backLog := 5;
success := CkSocket_BindAndListen(listenSock,callbackLocalPort,backLog);
if (success = False) then
  begin
    Memo1.Lines.Add(CkSocket__lastErrorText(listenSock));
    Exit;
  end;

// Wait for the browser's connection in a background thread.
// (We'll send load the URL into the browser following this..)
// Wait a max of 60 seconds before giving up.
sock := CkSocket_Create();
maxWaitMs := 60000;
task := CkSocket_AcceptNextAsync(listenSock,maxWaitMs,sock);
CkTask_Run(task);

// Launch the system's default browser navigated to the URL.
oauth2 := CkOAuth2_Create();
success := CkOAuth2_LaunchBrowser(oauth2,url);
if (success = False) then
  begin
    Memo1.Lines.Add(CkOAuth2__lastErrorText(oauth2));
    Exit;
  end;

// Wait for the listenSock's task to complete.
success := CkTask_Wait(task,maxWaitMs);
if (not success or (CkTask_getStatusInt(task) <> 7) or (CkTask_getTaskSuccess(task) <> True)) then
  begin
    if (not success) then
      begin
        // The task.LastErrorText applies to the Wait method call.
        Memo1.Lines.Add(CkTask__lastErrorText(task));
      end
    else
      begin
        // The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
        Memo1.Lines.Add(CkTask__status(task));
        Memo1.Lines.Add(CkTask__resultErrorText(task));
      end;
    CkTask_Dispose(task);
    Exit;
  end;

// If we get to this point, the connection from the browser arrived and was accepted.

// We no longer need the listen socket...
// Close it so that it's no longer listening on port 3017.
CkSocket_Close(listenSock,10);

CkTask_Dispose(task);

// Read the start line of the request..
startLine := CkSocket__receiveUntilMatch(sock,#13#10);
if (CkSocket_getLastMethodSuccess(sock) = False) then
  begin
    Memo1.Lines.Add(CkSocket__lastErrorText(sock));
    Exit;
  end;

// Read the request header.
requestHeader := CkSocket__receiveUntilMatch(sock,#13#10 + #13#10);
if (CkSocket_getLastMethodSuccess(sock) = False) then
  begin
    Memo1.Lines.Add(CkSocket__lastErrorText(sock));
    Exit;
  end;

// The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
// Once the request header is received, we have all of it.
// We can now send our HTTP response.
sbResponseHtml := CkStringBuilder_Create();
CkStringBuilder_Append(sbResponseHtml,'<html><body><p>Chilkat thanks you!</b></body</html>');

sbResponse := CkStringBuilder_Create();
CkStringBuilder_Append(sbResponse,'HTTP/1.1 200 OK' + #13#10);
CkStringBuilder_Append(sbResponse,'Content-Length: ');
CkStringBuilder_AppendInt(sbResponse,CkStringBuilder_getLength(sbResponseHtml));
CkStringBuilder_Append(sbResponse,#13#10);
CkStringBuilder_Append(sbResponse,'Content-Type: text/html' + #13#10);
CkStringBuilder_Append(sbResponse,#13#10);
CkStringBuilder_AppendSb(sbResponse,sbResponseHtml);

CkSocket_SendString(sock,CkStringBuilder__getAsString(sbResponse));
CkSocket_Close(sock,50);

// The information we need is in the startLine.
// For example, the startLine will look like this:
//  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd HTTP/1.1
sbStartLine := CkStringBuilder_Create();
CkStringBuilder_Append(sbStartLine,startLine);
numReplacements := CkStringBuilder_Replace(sbStartLine,'GET /?','');
numReplacements := CkStringBuilder_Replace(sbStartLine,' HTTP/1.1','');
CkStringBuilder_Trim(sbStartLine);

// oauth_token=qyprdP04IrTDIXtP1HRZz0geQdjXHVlGDxXPexlXZsjZNRcY&oauth_verifier=arx5pj5&realmId=193514465596199&dataSource=QBO
Memo1.Lines.Add('startline: ' + CkStringBuilder__getAsString(sbStartLine));

CkHashtable_Clear(hashTab1);
CkHashtable_AddQueryParams(hashTab1,CkStringBuilder__getAsString(sbStartLine));

requestToken := CkHashtable__lookupStr(hashTab1,'oauth_token');
authVerifier := CkHashtable__lookupStr(hashTab1,'oauth_verifier');

// ------------------------------------------------------------------------------
// Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

CkHttp_putOAuthToken(http,requestToken);
CkHttp_putOAuthVerifier(http,authVerifier);

CkHttpRequest_putHttpVerb(req,'POST');
CkHttpRequest_putContentType(req,'application/x-www-form-urlencoded');

success := CkHttp_HttpReq(http,accessTokenUrl,req,resp);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

// Make sure a successful response was received.
if (CkHttpResponse_getStatusCode(resp) <> 200) then
  begin
    Memo1.Lines.Add(CkHttpResponse__statusLine(resp));
    Memo1.Lines.Add(CkHttpResponse__header(resp));
    Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));
    Exit;
  end;

// If successful, the resp.BodyStr contains something like this:
// oauth_token=12347455-ffffrrlaBdCjbdGfyjZabcdb5APNtuTPNabcdEpp&oauth_token_secret=RxxxxJ8mTzUhwES4xxxxuJyFWDN8ZfHmrabcddh88LmWE
Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));

hashTab2 := CkHashtable_Create();
CkHashtable_AddQueryParams(hashTab2,CkHttpResponse__bodyStr(resp));

accessToken := CkHashtable__lookupStr(hashTab2,'oauth_token');
accessTokenSecret := CkHashtable__lookupStr(hashTab2,'oauth_token_secret');

// The access token + secret is what should be saved and used for
// subsequent REST API calls.
Memo1.Lines.Add('Access Token = ' + accessToken);
Memo1.Lines.Add('Access Token Secret = ' + accessTokenSecret);

// Save this access token for future calls.
json := CkJsonObject_Create();
CkJsonObject_AppendString(json,'oauth_token',accessToken);
CkJsonObject_AppendString(json,'oauth_token_secret',accessTokenSecret);

// Also save the realmId and dataSource from hashTab1.
realmId := CkHashtable__lookupStr(hashTab1,'realmId');
Memo1.Lines.Add('realmId = ' + realmId);
dataSource := CkHashtable__lookupStr(hashTab1,'dataSource');
Memo1.Lines.Add('dataSource = ' + dataSource);

CkJsonObject_AppendString(json,'realmId',realmId);
CkJsonObject_AppendString(json,'dataSource',dataSource);

fac := CkFileAccess_Create();
CkFileAccess_WriteEntireTextFile(fac,'qa_data/tokens/quickbooks.json',CkJsonObject__emit(json),'utf-8',False);

Memo1.Lines.Add('Success.');

CkHttp_Dispose(http);
CkHttpRequest_Dispose(req);
CkHttpResponse_Dispose(resp);
CkHashtable_Dispose(hashTab1);
CkStringBuilder_Dispose(sbUrlForBrowser);
CkSocket_Dispose(listenSock);
CkSocket_Dispose(sock);
CkOAuth2_Dispose(oauth2);
CkStringBuilder_Dispose(sbResponseHtml);
CkStringBuilder_Dispose(sbResponse);
CkStringBuilder_Dispose(sbStartLine);
CkHashtable_Dispose(hashTab2);
CkJsonObject_Dispose(json);
CkFileAccess_Dispose(fac);

end;