simonpierreboucher02

Intuit-quickbook

Author: Simon-Pierrre Boucher · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 51
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install quickbook
Description
Production-grade integration and automation with the QuickBooks Online API. Covers OAuth 2.0 authentication, accounting entities (Customers, Invoices, Paymen...
Usage instructions (SKILL.md)

QuickBooks Online API Skill

This skill provides production-grade workflows, JSON schemas, and code patterns for integrating with the QuickBooks Online (QBO) REST API (v3) and the QuickBooks Payments API (v4).

Base URLs

Environment | Accounting API Base URL
Sandbox | https://sandbox-quickbooks.api.intuit.com
Production | https://quickbooks.api.intuit.com

All requests require the header Authorization: Bearer <access_token> and Accept: application/json.


Reference Guides

Detailed schemas and code implementations are in the references/ folder. Load them as needed:

File | When to Read
references/authentication.md | OAuth 2.0 flow, token exchange, token refresh, distributed locking
references/accounting_entities.md | Customer, Invoice, Payment, Bill, JournalEntry CRUD payloads
references/webhooks.md | CloudEvents v1.0 payload, HMAC-SHA256 signature verification, async queue pattern
references/queries_and_errors.md | IDS-QL syntax, pagination, SQL injection prevention, exponential backoff
references/ai_and_mcp.md | QuickBooks MCP server deployment, LangGraph agent state machines

Core Workflows

Workflow 1: OAuth 2.0 Token Lifecycle

[User clicks "Connect to QuickBooks"]
          |
          v
[Redirect to Intuit Authorization URL]
          |
          v
[User grants consent → receives ?code=...]
          |
          v
[POST /oauth2/v1/tokens/bearer (code exchange)]
          |
          v
[Store access_token (60 min) + refresh_token (100 days)]
          |
          v
[On 401 → POST /oauth2/v1/tokens/bearer (refresh grant)]

Critical: Encrypt both tokens at rest with AES-256-GCM. Use a distributed lock (e.g., Redis Redlock) to prevent concurrent refresh races.


Workflow 2: Robust Entity Update (SyncToken / Error 2030)

QuickBooks uses optimistic locking. Every entity carries a SyncToken. If another process updated the entity since your last read, the API returns error 2030 (Stale Object).

[POST update with local SyncToken]
          |
     +----+----+
     |         |
  200 OK    400 / 2030
     |         |
  [Done]  [GET entity → get new SyncToken]
               |
          [Merge changes]
               |
          [POST update again]
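
Workflow 2 as a bounded retry loop, added here as an illustration and not taken from the skill's references/ files. `FakeQbo`, `StaleObject` and the entity values are constructed stand-ins for the real endpoint and its error 2030 response.

```python
class StaleObject(Exception):
    """Stands in for the HTTP 400 response carrying error 2030."""


class FakeQbo:
    """In-memory stand-in for one entity endpoint (hypothetical, demo only)."""

    def __init__(self, entity):
        self.entity = dict(entity)

    def get(self):
        return dict(self.entity)

    def update(self, body):
        # Optimistic lock: the caller must present the current SyncToken.
        if body["SyncToken"] != self.entity["SyncToken"]:
            raise StaleObject(2030)
        self.entity = {**self.entity, **body,
                       "SyncToken": str(int(body["SyncToken"]) + 1)}
        return dict(self.entity)


def update_with_retry(api, local, changes, max_attempts=3):
    """POST only the changed fields; on 2030 re-read, merge and POST again."""
    base = local
    for _ in range(max_attempts):
        body = {"Id": base["Id"], "SyncToken": base["SyncToken"], **changes}
        try:
            return api.update(body)
        except StaleObject:
            # Fresh SyncToken; sending only `changes` keeps the other writer's edits.
            base = api.get()
    raise RuntimeError("entity still stale after %d attempts" % max_attempts)


def demo():
    # Constructed sample entity.
    api = FakeQbo({"Id": "42", "SyncToken": "0",
                   "DisplayName": "Acme", "Email": "old@example.test"})
    local = api.get()  # our read
    # Another process updates the entity before we write.
    api.update({"Id": "42", "SyncToken": "0", "Email": "new@example.test"})
    return update_with_retry(api, local, {"DisplayName": "Acme Ltd"})
```

The retry cap matters: an unbounded loop against a hot entity never terminates, so the caller should surface the final failure instead.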

Workflow 3: Asynchronous Webhook Processing

QuickBooks requires an HTTP 200 OK response within 3 seconds.

[Incoming POST from Intuit]
          |
          v
[1. Verify HMAC-SHA256 signature]  ← raw bytes only, never parsed JSON
          |
          v
[2. Push raw payload to message queue (SQS / RabbitMQ / Redis)]
          |
          v
[3. Return HTTP 200 immediately]
          |
          v
[4. Background worker processes event]
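
Workflow 3 as a minimal handler, added here as an illustration and not taken from the skill's references/ files. It assumes the signature arrives in an `intuit-signature` header as base64 of the HMAC-SHA256 over the body; the verifier token, payload and in-process queue are constructed stand-ins.

```python
import base64
import hashlib
import hmac
import json
import queue

# Constructed sample value; a real verifier token is a secret loaded at runtime.
VERIFIER_TOKEN = b"constructed-verifier-token"
SIGNATURE_HEADER = "intuit-signature"  # assumption: header name and base64 encoding

event_queue = queue.Queue()  # stand-in for SQS / RabbitMQ / Redis


def sign(raw_body: bytes, key: bytes) -> str:
    """Base64 HMAC-SHA256 over the exact bytes received on the wire."""
    digest = hmac.new(key, raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def handle_webhook(headers: dict, raw_body: bytes) -> int:
    """Steps 1-3: verify on raw bytes, enqueue the raw payload, answer at once."""
    presented = headers.get(SIGNATURE_HEADER, "")
    expected = sign(raw_body, VERIFIER_TOKEN)
    # compare_digest runs in constant time, so the check leaks no prefix match.
    if not hmac.compare_digest(presented.encode(), expected.encode()):
        return 401  # rejected before any JSON parsing happens
    event_queue.put(raw_body)
    return 200


def worker_step():
    """Step 4: the payload is parsed only after the signature check passed."""
    return json.loads(event_queue.get_nowait())


def reserialized(raw_body: bytes) -> bytes:
    """Same data after a parse/dump round trip: the bytes differ, so the MAC does too."""
    return json.dumps(json.loads(raw_body)).encode()


# Constructed sample payload and matching signature header.
SAMPLE_BODY = b'{"specversion":"1.0","type":"constructed.entity.updated","id":"evt-1"}'
SAMPLE_HEADERS = {SIGNATURE_HEADER: sign(SAMPLE_BODY, VERIFIER_TOKEN)}
```

Verifying `reserialized(SAMPLE_BODY)` against the original header fails, which is why the handler must read the body as bytes before any framework parses it.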

API Quick Reference

Accounting Entities

Entity | Endpoint | Methods
Customer | /v3/company/<realmId>/customer | POST (create), POST (update sparse), GET
Vendor | /v3/company/<realmId>/vendor | POST, GET
Invoice | /v3/company/<realmId>/invoice | POST, GET, DELETE (void)
Payment | /v3/company/<realmId>/payment | POST, GET
Bill | /v3/company/<realmId>/bill | POST, GET
CreditMemo | /v3/company/<realmId>/creditmemo | POST, GET
JournalEntry | /v3/company/<realmId>/journalentry | POST, GET
Account (CoA) | /v3/company/<realmId>/account | POST, GET
Item | /v3/company/<realmId>/item | POST, GET
Deposit | /v3/company/<realmId>/deposit | POST, GET
Transfer | /v3/company/<realmId>/transfer | POST, GET

Reports API

Report | Endpoint | Key Params
Profit & Loss | /v3/company/<realmId>/reports/ProfitAndLoss | start_date, end_date, accounting_method
Balance Sheet | /v3/company/<realmId>/reports/BalanceSheet | date, accounting_method
General Ledger | /v3/company/<realmId>/reports/GeneralLedgerDetail | start_date, end_date, columns
A/R Aging | /v3/company/<realmId>/reports/AgedReceivables | report_date, aging_method

Reports cell limit: 400,000 cells per response. Enforce a maximum 6-month date range per request to avoid timeouts.

Payments API (v4)

Operation | Endpoint
Tokenize card | POST https://api.intuit.com/quickbooks/v4/payments/tokens
Create charge | POST https://api.intuit.com/quickbooks/v4/payments/charges
Refund charge | POST https://api.intuit.com/quickbooks/v4/payments/charges/<id>/refunds

Batch Operations

Bundle up to 30 independent operations into a single POST request:

POST /v3/company/<realmId>/batch

Change Data Capture (CDC)

Retrieve all changed entities since a given timestamp:

GET /v3/company/<realmId>/cdc?entities=Customer,Invoice&changedSince=2026-05-31T00:00:00Z

Production Checklist

Before going live, verify:

  • OAuth tokens encrypted at rest (AES-256-GCM).
  • Distributed lock on token refresh (no concurrent refresh races).
  • Exponential backoff with jitter on all API calls (handles HTTP 429, 100 req/min limit).
  • IDS-QL inputs sanitized (escape single quotes to prevent injection).
  • Reports date range capped at 6 months per request.
  • Webhook signature verified on raw bytes before any JSON parsing.
  • Webhook handler responds HTTP 200 within 3 seconds (async queue pattern).
  • PCI-DSS: raw card numbers never stored; use tokenization endpoint only.
Security usage recommendations
Install only if you are prepared to treat it as high-impact financial automation guidance. Use sandbox first, store QuickBooks secrets outside committed config files, restrict OAuth scopes, require human approval for payments or posting actions, set transaction limits, and replace the query-string sanitization guidance with a stricter allowlisted query builder.
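
One shape the allowlisted query builder recommended above could take, as an added example that is not part of the skill or of this review. The entity and field allowlist, the 200-character value limit, the page-size ceiling of 1000 and the choice to reject backslashes outright are assumptions of this sketch.

```python
import re

# Assumed allowlist for this example; list only what the application really queries.
ALLOWED = {
    "Customer": {"Id", "DisplayName", "Active"},
    "Invoice": {"Id", "DocNumber", "TxnDate"},
}
OPERATORS = {"=", "<", ">", "<=", ">=", "LIKE"}
MAX_PAGE = 1000  # assumed page-size ceiling
# Control characters and the backslash (the escape character) are rejected, not escaped.
_FORBIDDEN = re.compile(r"[\x00-\x1f\x7f\\]")


def literal(value):
    """Render one value as an IDS-QL literal; only bool, int and str are accepted."""
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, int):
        return str(value)
    if not isinstance(value, str) or len(value) > 200 or _FORBIDDEN.search(value):
        raise ValueError("unsupported value")
    # With backslashes already refused, escaping the quote cannot be undone by input.
    return "'" + value.replace("'", "\\'") + "'"


def build_query(entity, filters=(), start=1, limit=100):
    """filters: sequence of (field, operator, value); names come only from the allowlist."""
    if entity not in ALLOWED:
        raise ValueError("entity not allowed: %r" % (entity,))
    clauses = []
    for field, op, value in filters:
        if field not in ALLOWED[entity] or op not in OPERATORS:
            raise ValueError("filter not allowed: %r %r" % (field, op))
        clauses.append("%s %s %s" % (field, op, literal(value)))
    if not isinstance(start, int) or not isinstance(limit, int) or start < 1:
        raise ValueError("bad paging")
    limit = max(1, min(limit, MAX_PAGE))
    where = " WHERE " + " AND ".join(clauses) if clauses else ""
    return "SELECT * FROM %s%s STARTPOSITION %d MAXRESULTS %d" % (
        entity, where, start, limit)
```

User input reaches the query only as a value passed through `literal`; entity, field and operator names are never taken from the request verbatim.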
Capability tags
financial-authority, can-make-purchases, requires-oauth-token, requires-sensitive-credentials
Capability assessment
Purpose & Capability
The stated purpose is coherent with QuickBooks API integration, OAuth, webhooks, reports, payments, and MCP automation, but the capability surface includes high-impact financial actions such as charges, refunds, invoice updates, and bill payment.
Instruction Scope
The instructions are mostly purpose-aligned, but the AI/MCP bill-payment workflow lacks explicit human approval, limits, audit requirements, or rollback guidance, and the IDS query guidance recommends weak string sanitization for user-controlled query input.
Install Mechanism
The submitted skill itself is markdown-only with no executable scripts or hidden install steps; it does direct users to clone and install an external Intuit MCP server, which is user-directed and related to the stated purpose.
Credentials
QuickBooks client secrets, refresh tokens, realm IDs, and optional webhook verifier tokens are proportionate for the integration, but they are highly sensitive and the MCP example shows credentials placed directly in a configuration block without enough secret-handling warnings.
Persistence & Privilege
The artifact does not create persistence itself, but it relies on long-lived QuickBooks refresh tokens and a user-run MCP/server workflow; token lifetime and encryption are disclosed in the documentation.
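How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install quickbook
  3. Once installed, call the Skill by name or trigger it with /quickbook
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history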
v1.0.1
- Added new documentation files: ai_and_mcp.md, authentication.md, queries_and_errors.md, and webhooks.md in the references directory.
- Expanded reference coverage to include topics like AI/MCP integration, authentication workflows, robust query/error handling, and webhook processing.
- No changes to the public API, environment variables, or core workflow logic.
- Improved internal documentation structure for easier onboarding and advanced QuickBooks API use cases.
v1.0.0
Initial public release of QuickBooks Online API integration skill.
- Provides production-grade integration with QuickBooks Online (QBO) and Payments APIs.
- Supports OAuth 2.0 authentication, accounting entities (Customers, Invoices, Payments, Bills, Journal Entries), webhooks, Reports API, Payments API, IDS query language, Change Data Capture, and batch operations.
- Includes detailed workflow guides for OAuth token management, optimistic locking (SyncToken/Error 2030), and asynchronous webhook processing.
- Enforces best practices: token encryption, distributed locking, API rate handling, input sanitization, secure webhook validation, and PCI compliance.
Metadata
Slug quickbook
Version 1.0.1
License MIT-0
Total installs 0
Current installs 0
Historical versions 2
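Frequently asked questions

What is Intuit-quickbook?

Production-grade integration and automation with the QuickBooks Online API. Covers OAuth 2.0 authentication, accounting entities (Customers, Invoices, Paymen... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 51 total downloads so far.

How do I install Intuit-quickbook?

Run the command "/install quickbook" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.

Is Intuit-quickbook free?

Yes, Intuit-quickbook is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Intuit-quickbook support?

Intuit-quickbook is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Intuit-quickbook?

Developed and maintained by Simon-Pierrre Boucher (@simonpierreboucher02); current version v1.0.1.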
