(Node.js) QuickBooks - Automatically Refresh Access Token with No User Interaction

Demonstrates how to automaticaly refresh an expired access token and retry the request after a 401 authorization error.

Install Chilkat for Node.js and Electron using npm at Chilkat npm packages for Node.js Chilkat npm packages for Electron on Windows, Linux, MacOSX, and ARM

var os = require('os');
if (os.platform() == 'win32') {  
    if (os.arch() == 'ia32') {
        var chilkat = require('@chilkat/ck-node21-win-ia32');
    } else {
        var chilkat = require('@chilkat/ck-node21-win64'); 
    }
} else if (os.platform() == 'linux') {
    if (os.arch() == 'arm') {
        var chilkat = require('@chilkat/ck-node21-arm');
    } else if (os.arch() == 'x86') {
        var chilkat = require('@chilkat/ck-node21-linux32');
    } else {
        var chilkat = require('@chilkat/ck-node21-linux64');
    }
} else if (os.platform() == 'darwin') {
    if (os.arch() == 'arm64') {
        var chilkat = require('@chilkat/ck-node21-mac-m1');
    } else {
        var chilkat = require('@chilkat/ck-node21-macosx');
    }
}

function chilkatExample() {

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // Get our previously obtained OAuth2 access token, which should contain JSON like this:
    // {
    //   "expires_in": 3600,
    //   "x_refresh_token_expires_in": 8726400,
    //   "refresh_token": "L011546037639r ... 3vR2DrbOmg0Sdagw",
    //   "access_token": "eyJlbmMiOiJBMTI4Q0 ... oETJEMbeggg",
    //   "token_type": "bearer"
    // }

    var jsonToken = new chilkat.JsonObject();
    var success = jsonToken.LoadFile("qa_data/tokens/qb-access-token.json");

    var rest = new chilkat.Rest();

    // Connect using TLS.
    // A single REST object, once connected, can be used for many Quickbooks REST API calls.
    // The auto-reconnect indicates that if the already-established HTTPS connection is closed,
    // then it will be automatically re-established as needed.
    var bAutoReconnect = true;
    success = rest.Connect("sandbox-quickbooks.api.intuit.com",443,true,bAutoReconnect);
    if (success !== true) {
        console.log(rest.LastErrorText);
        return;
    }

    var sbAuth = new chilkat.StringBuilder();
    sbAuth.Append("Bearer ");
    sbAuth.Append(jsonToken.StringOf("access_token"));
    rest.Authorization = sbAuth.GetAsString();

    rest.AddHeader("Accept","application/json");
    rest.AllowHeaderFolding = false;

    // The company ID is 123146096291789
    // The employee ID is 58
    var responseBody = rest.FullRequestNoBody("GET","/v3/company/123146096291789/employee/58?minorversion=45");
    if (rest.LastMethodSuccess !== true) {
        console.log(rest.LastErrorText);
        return;
    }

    // If we get a 401 authorization error, then it's likely because the access token expired.
    // We can automatically refresh it without interaction from the user.
    if (rest.ResponseStatusCode == 401) {

        var oauth2 = new chilkat.OAuth2();

        oauth2.TokenEndpoint = "https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer";

        // Replace these with actual values.
        oauth2.ClientId = "QUICKBOOKS-CLIENT-ID";
        oauth2.ClientSecret = "QUICKBOOKS-CLIENT-SECRET";

        // Get the "refresh_token"
        oauth2.RefreshToken = jsonToken.StringOf("refresh_token");

        // Send the HTTP POST to refresh the access token..
        success = oauth2.RefreshAccessToken();
        if (success !== true) {
            console.log(oauth2.LastErrorText);
            return;
        }

        console.log("New access token: " + oauth2.AccessToken);

        // Update the JSON with the new tokens.
        jsonToken.UpdateString("access_token",oauth2.AccessToken);

        // Save the new JSON access token response to a file.
        // The access + refresh tokens contained in this JSON will be needed for the next refresh.
        var sbJson = new chilkat.StringBuilder();
        jsonToken.EmitCompact = false;
        jsonToken.EmitSb(sbJson);
        sbJson.WriteFile("qa_data/tokens/qb-access-token.json","utf-8",false);

        console.log("OAuth2 token refreshed!");
        console.log("New Access Token = " + oauth2.AccessToken);

        sbAuth.Clear();
        sbAuth.Append("Bearer ");
        sbAuth.Append(oauth2.AccessToken);
        rest.Authorization = sbAuth.GetAsString();

        // Now retry the request with the refreshed access token...
        responseBody = rest.FullRequestNoBody("GET","/v3/company/123146096291789/employee/58?minorversion=45");
        if (rest.LastMethodSuccess !== true) {
            console.log(rest.LastErrorText);
            return;
        }

    }

    // We should expect a 200 response if successful.
    if (rest.ResponseStatusCode !== 200) {
        console.log("Request Header: ");
        console.log(rest.LastRequestHeader);
        console.log("----");
        console.log("Response StatusCode = " + rest.ResponseStatusCode);
        console.log("Response StatusLine: " + rest.ResponseStatusText);
        console.log("Response Header:");
        console.log(rest.ResponseHeader);
        console.log(responseBody);
        return;
    }

    // Load the JSON response into a JSON object for parsing.
    // A sample JSON response is shown below.
    var json = new chilkat.JsonObject();
    json.Load(responseBody);

    // These will be used for parsing date/time strings..
    var dtime = new chilkat.CkDateTime();
    var bLocalTime = true;
    // dt: DtObj
    var dt;

    // Show the JSON.   
    json.EmitCompact = false;
    console.log(json.Emit());

    // Get some information from the JSON..
    console.log("Name: " + json.StringOf("Employee.DisplayName"));
    console.log("Id: " + json.StringOf("Employee.Id"));
    console.log("City: " + json.StringOf("Employee.PrimaryAddr.City"));
    console.log("PostalCode: " + json.StringOf("Employee.PrimaryAddr.PostalCode"));

    // Load the CreateTime into a CkDateTime...
    dtime.SetFromTimestamp(json.StringOf("Employee.MetaData.CreateTime"));
    dt = dtime.GetDtObj(bLocalTime);
    console.log(dt.Month + "/" + dt.Day + "/" + dt.Year + "  " + dt.Hour + ":" + dt.Minute);

    console.log("Success.");

    // Use this online tool to generate parsing code from sample JSON: 
    // Generate Parsing Code from JSON

    // ------------------------------------------------------
    // The JSON response looks like this:

    // {
    //   "Employee": {
    //     "SSN": "XXX-XX-XXXX",
    //     "PrimaryAddr": {
    //       "Id": "116",
    //       "Line1": "45 N. Elm Street",
    //       "City": "Middlefield",
    //       "CountrySubDivisionCode": "CA",
    //       "PostalCode": "93242"
    //     },
    //     "BillableTime": false,
    //     "domain": "QBO",
    //     "sparse": false,
    //     "Id": "98",
    //     "SyncToken": "0",
    //     "MetaData": {
    //       "CreateTime": "2015-07-24T09:34:35-07:00",
    //       "LastUpdatedTime": "2015-07-24T09:34:35-07:00"
    //     },
    //     "GivenName": "Bill",
    //     "FamilyName": "Miller",
    //     "DisplayName": "Bill Miller",
    //     "PrintOnCheckName": "Bill Miller",
    //     "Active": true,
    //     "PrimaryPhone": {
    //       "FreeFormNumber": "234-525-1234"
    //     }
    //   },
    //   "time": "2015-07-24T09:35:54.805-07:00"
    // 

}

chilkatExample();