Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

Quickbooks OAuth1 Authorization (3-legged)

See more QuickBooks Examples

Demonstrates 3-legged OAuth1 authorization for Quickbooks.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.Http,
  Chilkat.FileAccess,
  Chilkat.Hashtable,
  Chilkat.Socket,
  Chilkat.HttpResponse,
  Chilkat.OAuth2,
  Chilkat.StringBuilder,
  Chilkat.JsonObject,
  Chilkat.HttpRequest,
  Chilkat.Task;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  consumerKey: string;
  consumerSecret: string;
  requestTokenUrl: string;
  authorizeUrl: string;
  accessTokenUrl: string;
  callbackUrl: string;
  callbackLocalPort: Integer;
  http: THttp;
  req: THttpRequest;
  resp: THttpResponse;
  hashTab1: THashtable;
  requestToken: string;
  requestTokenSecret: string;
  sbUrlForBrowser: TStringBuilder;
  url: string;
  listenSock: TSocket;
  backLog: Integer;
  sock: TSocket;
  maxWaitMs: Integer;
  task: TTask;
  oauth2: TOAuth2;
  startLine: string;
  requestHeader: string;
  sbResponseHtml: TStringBuilder;
  sbResponse: TStringBuilder;
  sbStartLine: TStringBuilder;
  numReplacements: Integer;
  authVerifier: string;
  hashTab2: THashtable;
  accessToken: string;
  accessTokenSecret: string;
  json: TJsonObject;
  realmId: string;
  dataSource: string;
  fac: TFileAccess;

begin
  success := False;

  consumerKey := 'QUICKBOOKS_CONSUMER_KEY';
  consumerSecret := 'QUICKBOOKS_CONSUMER_SECRET';

  requestTokenUrl := 'https://oauth.intuit.com/oauth/v1/get_request_token';
  authorizeUrl := 'https://appcenter.intuit.com/Connect/Begin';
  accessTokenUrl := 'https://oauth.intuit.com/oauth/v1/get_access_token';

  //  The port number is picked at random. It's some unused port that won't likely conflict with anything else..
  callbackUrl := 'http://localhost:3017/';
  callbackLocalPort := 3017;

  //  The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
  http := THttp.Create;

  http.OAuth1 := True;
  http.OAuthConsumerKey := consumerKey;
  http.OAuthConsumerSecret := consumerSecret;
  http.OAuthCallback := callbackUrl;

  req := THttpRequest.Create;
  req.HttpVerb := 'POST';
  req.ContentType := 'application/x-www-form-urlencoded';

  resp := THttpResponse.Create;
  success := http.HttpReq(requestTokenUrl,req,resp);
  if (success = False) then
    begin
      WriteLn(http.LastErrorText);
      Exit;
    end;

  if (resp.StatusCode >= 400) then
    begin
      WriteLn('Error response status code = ' + resp.StatusCode);
      WriteLn(resp.BodyStr);
      Exit;
    end;

  //  If successful, the resp.BodyStr contains this:  
  //  oauth_token=-Wa_KwAAAAAAxfEPAAABV8Qar4Q&oauth_token_secret=OfHY4tZBX2HK4f7yIw76WYdvnl99MVGB&oauth_callback_confirmed=true
  WriteLn(resp.BodyStr);

  hashTab1 := THashtable.Create;
  hashTab1.AddQueryParams(resp.BodyStr);

  requestToken := hashTab1.LookupStr('oauth_token');
  requestTokenSecret := hashTab1.LookupStr('oauth_token_secret');
  http.OAuthTokenSecret := requestTokenSecret;

  WriteLn('oauth_token = ' + requestToken);
  WriteLn('oauth_token_secret = ' + requestTokenSecret);

  //  ---------------------------------------------------------------------------
  //  The next step is to form a URL to send to the AuthorizeUrl
  //  This is an HTTP GET that we load into a popup browser.
  sbUrlForBrowser := TStringBuilder.Create;
  sbUrlForBrowser.Append(authorizeUrl);
  sbUrlForBrowser.Append('?oauth_token=');
  sbUrlForBrowser.Append(requestToken);
  url := sbUrlForBrowser.GetAsString();

  //  When the urlForBrowser is loaded into a browser, the response from Quickbooks will redirect back to localhost:3017
  //  We'll need to start a socket that is listening on port 3017 for the callback from the browser.
  listenSock := TSocket.Create;

  backLog := 5;
  success := listenSock.BindAndListen(callbackLocalPort,backLog);
  if (success = False) then
    begin
      WriteLn(listenSock.LastErrorText);
      Exit;
    end;

  //  Wait for the browser's connection in a background thread.
  //  (We'll send load the URL into the browser following this..)
  //  Wait a max of 60 seconds before giving up.
  sock := TSocket.Create;
  maxWaitMs := 60000;
  task := listenSock.AcceptNextAsync(maxWaitMs,sock);
  task.Run();

  //  Launch the system's default browser navigated to the URL.
  oauth2 := TOAuth2.Create;
  success := oauth2.LaunchBrowser(url);
  if (success = False) then
    begin
      WriteLn(oauth2.LastErrorText);
      Exit;
    end;

  //  Wait for the listenSock's task to complete.
  success := task.Wait(maxWaitMs);
  if (not success or (task.StatusInt <> 7) or (task.TaskSuccess <> True)) then
    begin
      if (not success) then
        begin
          //  The task.LastErrorText applies to the Wait method call.
          WriteLn(task.LastErrorText);
        end
      else
        begin
          //  The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
          WriteLn(task.Status);
          WriteLn(task.ResultErrorText);
        end;
      task.Free;
      Exit;
    end;

  //  If we get to this point, the connection from the browser arrived and was accepted.

  //  We no longer need the listen socket...
  //  Close it so that it's no longer listening on port 3017.
  listenSock.Close(10);

  task.Free;

  //  Read the start line of the request..
  startLine := sock.ReceiveUntilMatch(#13#10);
  if (sock.LastMethodSuccess = False) then
    begin
      WriteLn(sock.LastErrorText);
      Exit;
    end;

  //  Read the request header.
  requestHeader := sock.ReceiveUntilMatch(#13#10 + #13#10);
  if (sock.LastMethodSuccess = False) then
    begin
      WriteLn(sock.LastErrorText);
      Exit;
    end;

  //  The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
  //  Once the request header is received, we have all of it.
  //  We can now send our HTTP response.
  sbResponseHtml := TStringBuilder.Create;
  sbResponseHtml.Append('<html><body><p>Chilkat thanks you!</b></body</html>');

  sbResponse := TStringBuilder.Create;
  sbResponse.Append('HTTP/1.1 200 OK' + #13#10);
  sbResponse.Append('Content-Length: ');
  sbResponse.AppendInt(sbResponseHtml.Length);
  sbResponse.Append(#13#10);
  sbResponse.Append('Content-Type: text/html' + #13#10);
  sbResponse.Append(#13#10);
  sbResponse.AppendSb(sbResponseHtml);

  sock.SendString(sbResponse.GetAsString());
  sock.Close(50);

  //  The information we need is in the startLine.
  //  For example, the startLine will look like this:
  //   GET /?oauth_token=abcdRQAAZZAAxfBBAAABVabcd_k&oauth_verifier=9rdOq5abcdCe6cn8M3jabcdj3Eabcd HTTP/1.1
  sbStartLine := TStringBuilder.Create;
  sbStartLine.Append(startLine);
  numReplacements := sbStartLine.Replace('GET /?','');
  numReplacements := sbStartLine.Replace(' HTTP/1.1','');
  sbStartLine.Trim();

  //  oauth_token=qyprdP04IrTDIXtP1HRZz0geQdjXHVlGDxXPexlXZsjZNRcY&oauth_verifier=arx5pj5&realmId=193514465596199&dataSource=QBO
  WriteLn('startline: ' + sbStartLine.GetAsString());

  hashTab1.Clear();
  hashTab1.AddQueryParams(sbStartLine.GetAsString());

  requestToken := hashTab1.LookupStr('oauth_token');
  authVerifier := hashTab1.LookupStr('oauth_verifier');

  //  ------------------------------------------------------------------------------
  //  Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

  http.OAuthToken := requestToken;
  http.OAuthVerifier := authVerifier;

  req.HttpVerb := 'POST';
  req.ContentType := 'application/x-www-form-urlencoded';

  success := http.HttpReq(accessTokenUrl,req,resp);
  if (success = False) then
    begin
      WriteLn(http.LastErrorText);
      Exit;
    end;

  //  Make sure a successful response was received.
  if (resp.StatusCode <> 200) then
    begin
      WriteLn(resp.StatusLine);
      WriteLn(resp.Header);
      WriteLn(resp.BodyStr);
      Exit;
    end;

  //  If successful, the resp.BodyStr contains something like this:
  //  oauth_token=12347455-ffffrrlaBdCjbdGfyjZabcdb5APNtuTPNabcdEpp&oauth_token_secret=RxxxxJ8mTzUhwES4xxxxuJyFWDN8ZfHmrabcddh88LmWE
  WriteLn(resp.BodyStr);

  hashTab2 := THashtable.Create;
  hashTab2.AddQueryParams(resp.BodyStr);

  accessToken := hashTab2.LookupStr('oauth_token');
  accessTokenSecret := hashTab2.LookupStr('oauth_token_secret');

  //  The access token + secret is what should be saved and used for
  //  subsequent REST API calls.
  WriteLn('Access Token = ' + accessToken);
  WriteLn('Access Token Secret = ' + accessTokenSecret);

  //  Save this access token for future calls.
  json := TJsonObject.Create;
  json.AppendString('oauth_token',accessToken);
  json.AppendString('oauth_token_secret',accessTokenSecret);

  //  Also save the realmId and dataSource from hashTab1.
  realmId := hashTab1.LookupStr('realmId');
  WriteLn('realmId = ' + realmId);
  dataSource := hashTab1.LookupStr('dataSource');
  WriteLn('dataSource = ' + dataSource);

  json.AppendString('realmId',realmId);
  json.AppendString('dataSource',dataSource);

  fac := TFileAccess.Create;
  fac.WriteEntireTextFile('qa_data/tokens/quickbooks.json',json.Emit(),'utf-8',False);

  WriteLn('Success.');


  http.Free;
  req.Free;
  resp.Free;
  hashTab1.Free;
  sbUrlForBrowser.Free;
  listenSock.Free;
  sock.Free;
  oauth2.Free;
  sbResponseHtml.Free;
  sbResponse.Free;
  sbStartLine.Free;
  hashTab2.Free;
  json.Free;
  fac.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.