What Causes the QuickBooks invalid_grant Error?

An invalid_grant error may happen during the OAuth 2.0 authentication flow for QuickBooks during the access (bearer) token request or the token refresh request.

When retrieving the access token, this error may happen because:

1. An incorrect redirect URI was specified in the request

2. An incorrect OAuth 2.0 key was used

When refreshing OAuth 2.0 tokens, this error happen for a few reasons including:

1. There’s an outage on QuickBooks

2. If the refresh token has expired or revoked

For additional details, check out this document.

Resolution

If you are getting an invalid_grant error when getting the access (bearer token):

1. Make sure the redirect URI in your request matches the one provided in your app’s keys & credentials setting.

2. Verify that the correct Client ID and Client Secret are used to create the base64 encoded authorization string.

POST https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer HTTP/1.1
Accept: application/json
Authorization: Basic base64encode($CLIENT_ID + ":" + $CLIENT_SECRET)
Content-Type: application/x-www-form-urlencoded
Host: oauth.platform.intuit.com
Body: grant_type=authorization_code&
code=$CODE&
redirect_uri=$REDIRECT_URI

If you are getting an invalid_grant error when refreshing tokens:

1. Check if there’s an outage for QuickBooks Online API from the status page.

2. Try requesting for a new pair of access and refresh tokens.

POST https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer HTTP/1.1
Accept: application/json
Authorization: Basic base64encode($CLIENT_ID + ":" + $CLIENT_SECRET)
Content-Type: application/x-www-form-urlencoded
Host: oauth.platform.intuit.com
Body: grant_type=authorization_code&
code=$CODE&
redirect_uri=$REDIRECT_URI

QuickBooks bearer token request

POST https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer HTTP/1.1
Accept: application/json
Authorization: Basic base64encode($CLIENT_ID + ":" + $CLIENT_SECRET)
Content-Type: application/x-www-form-urlencoded
Body: grant_type=refresh_token&
refresh_token=$REFRESH_TOKEN

QuickBooks refresh token request

Hopefully this helps you solve the QuickBooks invalid_grant error.

Fully managed QuickBooks auth

If you want to avoid dealing with auth errors again while building a native QuickBooks (or any other) integration for your app, try out Paragon.

Access/refresh token management is handled by Paragon's authentication layer for any 3rd party SaaS integration you need to build, so you can focus on implementing your integration logic instead of fixing errors such as the QuickBooks invalid_grant error.

With a single paragon.connect('quickbooks'); call, the Paragon SDK will handle the entire authorization flow and refreshes tokens on behalf of your customers.

<Button onClick={() => paragon.installIntegration("QuickBooks")}>
  Install QuickBooks Integration
</Button>

Learn more about Paragon's embedded integration platform for developers and sign up for a free trial here.