Quickbooks Questionnaire
QuickBooks Online App Assessment Questionnaire for Knit API
Guidance on completing Intuit’s app assessment process
Introduction
All apps that intend to access QuickBooks Online production data must fill in a questionnaire as part of Intuit’s app assessment process. Many questions require information about your organization and your app’s use case. Questions specific to Knit API (https://www.getknit.dev) are highlighted in bold.
Questionnaire
1. General questions
There are no Knit-specific items in this section. Answer based on your organization.
2. Lending
This section appears only if you indicated “Lender” earlier.
- If you’re not a lender, skip.
- If you are a lender but don’t see these prompts, go to Production Settings in the Developer Dashboard and enable Lending.
There are no Knit-specific items here.
3. App information
Which of the following is true about your app?
(At least one option must be checked)
| Option | Description |
|---|---|
| a | You built your app from scratch and wrote the code that lets it interact with Intuit APIs. |
| b | You used another platform or tool to build and code your app. |
| c | Your app acts as a platform that lets other developers integrate with QuickBooks. |
| d | You require users to create an additional Intuit Developer profile to use your app. |
| e | You created this app to get credentials/keys for another platform integration. |
Once you select option b
| Question | Response |
|---|---|
| What’s the name of the platform or tool? | Knit API |
| Provide a link to the platform’s website | https://www.getknit.dev |
| Describe how your app interacts with it | We manage QBO connections and data via Knit’s REST API |
What platform(s) does your app utilize and make API calls from?
This question should be answered by the app's developer.
How does your app interact with Intuit product data?
This question should be answered by the app's developer.
Are you building a private app or planning to make it publicly available?
| Option | Description |
|---|---|
| a | We’re building a private app |
| b | We plan to make our app publicly available |
After selection option b, you will be asked estimated number of users.
Which types of QuickBooks Online users can use your app?
| Option | Description |
|---|---|
| a | Any admin of the QuickBooks Online company |
| b | Any user of the QuickBooks Online company |
Does your app integrate with platforms other than Intuit?
This question should be answered by the app's developer.
4. Authorization & authentication
Have you tested connect/disconnect/reconnect flows in a sandbox company?
This question should be answered by the app's developer. Testing the app is a mandatory requirement and Intuit will reject the app if you provide No as a response.
How often does your app refresh access tokens?
| Option |
|---|
| a) Every time it makes an API call |
| b) Only when access tokens expire |
| c) More than once a day |
| d) Daily |
| e) Weekly |
| f) Other – specify a timeframe |
Does your app retry authorization/authentication requests that have failed?
| Option |
|---|
| a) Yes |
| b) No |
If your app encounters an auth error, do you prompt customers to reconnect?
| Option |
|---|
| a) Yes |
| b) No |
Did you use the Intuit discovery document for OAuth2 endpoints?
| Option |
|---|
| a) Yes |
| b) No |
Can your app handle these scenarios?
| Scenario | Recommended for Knit |
|---|---|
| Errors due to expired access tokens | Yes |
| Errors due to expired refresh tokens | Yes |
| Invalid grant errors | Yes |
| CSRF token errors | Yes |
Does your app rely on the OAuth playground or offline tools for tokens?
| Option |
|---|
| a) Yes |
| b) No |
5. API usage
Which of the broad API categories does your app use?
| Category | Recommended for Knit |
|---|---|
| Accounting API | Yes |
| Payments API | No |
| Payroll API | No |
Knit does not integrate with the Payments or Payroll APIs.
How often does your app call Intuit APIs for each customer?
This question should be answered by the app's developer.
6. Accounting API
(This section appears once you select Accounting API above.)
Which customer-facing QBO versions does your app support?
| Version | Recommended for Knit |
|---|---|
| Simple Start | No |
| Essentials | Yes |
| Plus | Yes |
| Advanced | Yes |
Can your app handle users gaining/losing version-specific features?
| Option |
|---|
| a) Yes |
| b) No |
After selecting Yes
| Question | Answer |
|---|---|
| Tell us how you plan to handle this situation | For gains in features, there is no impact to the end user. For loss of features, error messages are generated where permissions for the required features are missing. |
Does your app utilize any of the following features?
| Feature | Recommended for Knit |
|---|---|
| Multicurrency | Yes |
| Sales tax – US companies | Yes |
| Sales tax – non-US companies | Yes |
| None of the above |
Do you use QuickBooks webhooks?
| Option |
|---|
| a) Yes |
| b) No |
Knit is yet to release support for quickbooks native webhook
Do you use CDC (Change Data Capture)?
| Option |
|---|
| a) Yes |
| b) No |
7. Error handling
Have you tested handling API errors (syntax, validation, etc.)?
| Option | |
|---|---|
| a) Yes | |
| b) No |
Do you capture the intuit_tid header for diagnostics?
intuit_tid header for diagnostics?| Option | |
|---|---|
| a) Yes | |
| b) No |
Do you log all error details for troubleshooting?
| Option | |
|---|---|
| a) Yes | |
| b) No |
Do you provide in-app support contact options?
This question should be answered by the app's developer.
8. Security
Has your company ever had a security breach requiring notification?
This question should be answered by the app's developer.
Do you have a security team that regularly assesses vulnerabilities and risks?
Are the client ID and client secret stored securely (not hardcoded)?
| Option |
|---|
| a) Yes |
| b) No |
Does your app enforce multi-factor authentication?
This question should be answered by the app's developer.
Does your app use CAPTCHA for authentication?
This question should be answered by the app's developer.
Does your app use WebSockets?
This question should be answered by the app's developer.
Once a customer’s Intuit data is in your system, do you allow it to be used by or shown to anyone other than that customer?
This question should be answered by the app's developer.
Updated 1 day ago