Sample code for 30+ languages & platforms
Delphi ActiveX

Quickbooks OAuth1 Authorization (3-legged)

See more QuickBooks Examples

Demonstrates 3-legged OAuth1 authorization for Quickbooks.

Chilkat Delphi ActiveX Downloads

Delphi ActiveX
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Integer;
consumerKey: WideString;
consumerSecret: WideString;
requestTokenUrl: WideString;
authorizeUrl: WideString;
accessTokenUrl: WideString;
callbackUrl: WideString;
callbackLocalPort: Integer;
http: TChilkatHttp;
req: TChilkatHttpRequest;
resp: TChilkatHttpResponse;
hashTab1: TChilkatHashtable;
requestToken: WideString;
requestTokenSecret: WideString;
sbUrlForBrowser: TChilkatStringBuilder;
url: WideString;
listenSock: TChilkatSocket;
backLog: Integer;
sock: TChilkatSocket;
maxWaitMs: Integer;
task: IChilkatTask;
oauth2: TChilkatOAuth2;
startLine: WideString;
requestHeader: WideString;
sbResponseHtml: TChilkatStringBuilder;
sbResponse: TChilkatStringBuilder;
sbStartLine: TChilkatStringBuilder;
numReplacements: Integer;
authVerifier: WideString;
hashTab2: TChilkatHashtable;
accessToken: WideString;
accessTokenSecret: WideString;
json: TChilkatJsonObject;
realmId: WideString;
dataSource: WideString;
fac: TCkFileAccess;

begin
success := 0;

consumerKey := 'QUICKBOOKS_CONSUMER_KEY';
consumerSecret := 'QUICKBOOKS_CONSUMER_SECRET';

requestTokenUrl := 'https://oauth.intuit.com/oauth/v1/get_request_token';
authorizeUrl := 'https://appcenter.intuit.com/Connect/Begin';
accessTokenUrl := 'https://oauth.intuit.com/oauth/v1/get_access_token';

// The port number is picked at random. It's some unused port that won't likely conflict with anything else..
callbackUrl := 'http://localhost:3017/';
callbackLocalPort := 3017;

// The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
http := TChilkatHttp.Create(Self);

http.OAuth1 := 1;
http.OAuthConsumerKey := consumerKey;
http.OAuthConsumerSecret := consumerSecret;
http.OAuthCallback := callbackUrl;

req := TChilkatHttpRequest.Create(Self);
req.HttpVerb := 'POST';
req.ContentType := 'application/x-www-form-urlencoded';

resp := TChilkatHttpResponse.Create(Self);
success := http.HttpReq(requestTokenUrl,req.ControlInterface,resp.ControlInterface);
if (success = 0) then
  begin
    Memo1.Lines.Add(http.LastErrorText);
    Exit;
  end;

if (resp.StatusCode >= 400) then
  begin
    Memo1.Lines.Add('Error response status code = ' + IntToStr(resp.StatusCode));
    Memo1.Lines.Add(resp.BodyStr);
    Exit;
  end;

// If successful, the resp.BodyStr contains this:  
// oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
Memo1.Lines.Add(resp.BodyStr);

hashTab1 := TChilkatHashtable.Create(Self);
hashTab1.AddQueryParams(resp.BodyStr);

requestToken := hashTab1.LookupStr('oauth_token');
requestTokenSecret := hashTab1.LookupStr('oauth_token_secret');
http.OAuthTokenSecret := requestTokenSecret;

Memo1.Lines.Add('oauth_token = ' + requestToken);
Memo1.Lines.Add('oauth_token_secret = ' + requestTokenSecret);

// ---------------------------------------------------------------------------
// The next step is to form a URL to send to the AuthorizeUrl
// This is an HTTP GET that we load into a popup browser.
sbUrlForBrowser := TChilkatStringBuilder.Create(Self);
sbUrlForBrowser.Append(authorizeUrl);
sbUrlForBrowser.Append('?oauth_token=');
sbUrlForBrowser.Append(requestToken);
url := sbUrlForBrowser.GetAsString();

// When the urlForBrowser is loaded into a browser, the response from Quickbooks will redirect back to localhost:3017
// We'll need to start a socket that is listening on port 3017 for the callback from the browser.
listenSock := TChilkatSocket.Create(Self);

backLog := 5;
success := listenSock.BindAndListen(callbackLocalPort,backLog);
if (success = 0) then
  begin
    Memo1.Lines.Add(listenSock.LastErrorText);
    Exit;
  end;

// Wait for the browser's connection in a background thread.
// (We'll send load the URL into the browser following this..)
// Wait a max of 60 seconds before giving up.
sock := TChilkatSocket.Create(Self);
maxWaitMs := 60000;
task := listenSock.AcceptNextAsync(maxWaitMs,sock.ControlInterface);
task.Run();

// Launch the system's default browser navigated to the URL.
oauth2 := TChilkatOAuth2.Create(Self);
success := oauth2.LaunchBrowser(url);
if (success = 0) then
  begin
    Memo1.Lines.Add(oauth2.LastErrorText);
    Exit;
  end;

// Wait for the listenSock's task to complete.
success := task.Wait(maxWaitMs);
if (not success or (task.StatusInt <> 7) or (task.TaskSuccess <> 1)) then
  begin
    if (not success) then
      begin
        // The task.LastErrorText applies to the Wait method call.
        Memo1.Lines.Add(task.LastErrorText);
      end
    else
      begin
        // The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
        Memo1.Lines.Add(task.Status);
        Memo1.Lines.Add(task.ResultErrorText);
      end;

    Exit;
  end;

// If we get to this point, the connection from the browser arrived and was accepted.

// We no longer need the listen socket...
// Close it so that it's no longer listening on port 3017.
listenSock.Close(10);

// Read the start line of the request..
startLine := sock.ReceiveUntilMatch(#13#10);
if (sock.LastMethodSuccess = 0) then
  begin
    Memo1.Lines.Add(sock.LastErrorText);
    Exit;
  end;

// Read the request header.
requestHeader := sock.ReceiveUntilMatch(#13#10 + #13#10);
if (sock.LastMethodSuccess = 0) then
  begin
    Memo1.Lines.Add(sock.LastErrorText);
    Exit;
  end;

// The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
// Once the request header is received, we have all of it.
// We can now send our HTTP response.
sbResponseHtml := TChilkatStringBuilder.Create(Self);
sbResponseHtml.Append('<html><body><p>Chilkat thanks you!</b></body</html>');

sbResponse := TChilkatStringBuilder.Create(Self);
sbResponse.Append('HTTP/1.1 200 OK' + #13#10);
sbResponse.Append('Content-Length: ');
sbResponse.AppendInt(sbResponseHtml.Length);
sbResponse.Append(#13#10);
sbResponse.Append('Content-Type: text/html' + #13#10);
sbResponse.Append(#13#10);
sbResponse.AppendSb(sbResponseHtml.ControlInterface);

sock.SendString(sbResponse.GetAsString());
sock.Close(50);

// The information we need is in the startLine.
// For example, the startLine will look like this:
//  GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd HTTP/1.1
sbStartLine := TChilkatStringBuilder.Create(Self);
sbStartLine.Append(startLine);
numReplacements := sbStartLine.Replace('GET /?','');
numReplacements := sbStartLine.Replace(' HTTP/1.1','');
sbStartLine.Trim();

// oauth_token=qyprdP04IrTDIXtP1HRZz0geQdjXHVlGDxXPexlXZsjZNRcY&oauth_verifier=arx5pj5&realmId=193514465596199&dataSource=QBO
Memo1.Lines.Add('startline: ' + sbStartLine.GetAsString());

hashTab1.Clear();
hashTab1.AddQueryParams(sbStartLine.GetAsString());

requestToken := hashTab1.LookupStr('oauth_token');
authVerifier := hashTab1.LookupStr('oauth_verifier');

// ------------------------------------------------------------------------------
// Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

http.OAuthToken := requestToken;
http.OAuthVerifier := authVerifier;

req.HttpVerb := 'POST';
req.ContentType := 'application/x-www-form-urlencoded';

success := http.HttpReq(accessTokenUrl,req.ControlInterface,resp.ControlInterface);
if (success = 0) then
  begin
    Memo1.Lines.Add(http.LastErrorText);
    Exit;
  end;

// Make sure a successful response was received.
if (resp.StatusCode <> 200) then
  begin
    Memo1.Lines.Add(resp.StatusLine);
    Memo1.Lines.Add(resp.Header);
    Memo1.Lines.Add(resp.BodyStr);
    Exit;
  end;

// If successful, the resp.BodyStr contains something like this:
// oauth_token=12347455-ffffrrlaBdCjbdGfyjZabcdb5APNtuTPNabcdEpp&oauth_token_secret=RxxxxJ8mTzUhwES4xxxxuJyFWDN8ZfHmrabcddh88LmWE
Memo1.Lines.Add(resp.BodyStr);

hashTab2 := TChilkatHashtable.Create(Self);
hashTab2.AddQueryParams(resp.BodyStr);

accessToken := hashTab2.LookupStr('oauth_token');
accessTokenSecret := hashTab2.LookupStr('oauth_token_secret');

// The access token + secret is what should be saved and used for
// subsequent REST API calls.
Memo1.Lines.Add('Access Token = ' + accessToken);
Memo1.Lines.Add('Access Token Secret = ' + accessTokenSecret);

// Save this access token for future calls.
json := TChilkatJsonObject.Create(Self);
json.AppendString('oauth_token',accessToken);
json.AppendString('oauth_token_secret',accessTokenSecret);

// Also save the realmId and dataSource from hashTab1.
realmId := hashTab1.LookupStr('realmId');
Memo1.Lines.Add('realmId = ' + realmId);
dataSource := hashTab1.LookupStr('dataSource');
Memo1.Lines.Add('dataSource = ' + dataSource);

json.AppendString('realmId',realmId);
json.AppendString('dataSource',dataSource);

fac := TCkFileAccess.Create(Self);
fac.WriteEntireTextFile('qa_data/tokens/quickbooks.json',json.Emit(),'utf-8',0);

Memo1.Lines.Add('Success.');
end;