Scopes limit what data your app can read and update. Instead of getting broad permissions for everything, set granular permissions so your app only focuses on what’s necessary.
Here are the scopes for the Intuit QuickBooks Workforce API:
| Scope | Description | Sensitive Data? |
|---|---|---|
qb.company.read |
Grants read access to company information. | |
qb.company.taxidentifier.read |
Grants read access to the tax identifier (EIN, CBN) for the company. | Yes |
qb.employee.read |
Grants read access to employee data. | |
qb.employee.taxidentifier.read |
Grants read access to the tax identifier (SSN, SIN) for the employee. | Yes |
qb.employee.birthdate.read |
Grants read access to employee date of birth. | |
qb.payroll.compensation.read |
Grants read access to payslips. | |
qb.payroll.benefits |
Grants access to payroll benefits, deductions, and pensions. | |
payroll.compensation.read |
Allows read access to pay types (i.e., compensation). Compensation data can only be queried for customers using QuickBooks Workforce. |
Note
Note: Sensitive data requires additional legal agreement and manual onboarding with our support team.
Endpoints are the locations on our server where apps send requests to call APIs.
For the Workforce GraphQL API, there’s only one endpoint. No matter which entities or fields you include in your queries, requests all go to the same endpoint. The Time resources also use the Accounting REST API.
https://qb.api.intuit.com/graphqlhttps://quickbooks.api.intuit.com/v3/company/{realmid}/{entityname}?minorversion=75Note
Note: The Intuit QuickBooks Workforce API is currently not available in sandbox.
The following are required headers for API resources.
application/jsonBearer access_token