Postman is a powerful HTTP client for testing the QuickBooks Online API by displaying requests and responses in manageable formats.

QuickBooks Online collection of individual resource endpoints, using OAuth 2.0 authorization.
QuickBooks Online orchestrated collection, using OAuth 2.0 authorization.

The steps on this page use Postman for Mac, v 5.4.1.

Using Postman


  1. Create an app.
  2. Download and install Postman:
  3. Click the Run in Postman button corresponding to the desired collection from the list above. This sets up the Postman UI and downloads the collection.
  4. Configure the Postman Authorization header.
  5. Configure an environment that defines variables used in endpoints. An environment template is provided for you in the collection and accessed via Manage Environments in Postman settings. Define these variables:
baseurl Use
companyid Get this value from the sandbox company information on the Manage Sandboxes page of your Intuit Developer account. Click on your user name and select Sandbox to display this page.
minorversion Enter the minor version appropriate to the request.
UserAgent Specify QBOV3-OAuth2-Postman-Collection

Make calls

Once you configure Postman authorization header, requests in the Postman collections here will access your sandbox.

For each request, refresh the authorization header:

  1. Oauth 2.0: For OAuth 2.0 headers, select the desired token from the Available Tokens list and click Get New Access Token.

  2. Select the appropriate environment, configured earlier, Postman uses for endpoint variable substitution.

  3. Select the desired endpoint from the collection.

  4. Click Send to issue the API request. Response payload is returned in the Body tab.


For reference information about a specific endpoint in the collection, see the QuickBooks Online API reference.


Use this tool only for testing and prototyping your API requests. Use QuickBooks Online SDKs for your production code.

Configuring the Postman Authorization header

Information in this section provides configuration details for the OAuth authorization header, which is supplied with each request to the QuickBooks Online API. Based on the version of OAuth your app implements, configure either an OAuth 2.0 header or an OAuth 1.0a header. To help you determine the version of OAuth your app uses click here.

OAuth 2.0

Before submitting a request from the collection, Postman must generate an OAuth 2.0 access token based on OAuth 2.0 keys from your app’s dashboard on

  1. Sign-on to your developer account on and click My Apps.
  2. Find and open the app you want to use.
  3. Navigate to the Keys tab on your app’s dashboard. You use the development keys for this configuration.

Now, from the Authorization tab on the Postman UI, for Type select OAuth 2.0 and click Get New Access Token. You need the following information when configuring this dialog:

Postman Authorization Field Information from your developer account
Token Name A user defined name for this token. It appears in the Postman Existing Tokens list to use in Send requests.
Grant Type This must be set to Authorization Code.
Callback URL Enter: This must also be configured as a Redirect URI on the app’s Keys tab of the app profile via My Apps on the developer site. Make sure to configure this in the development keys section on this tab.
Auth URL
Access Token URL
Client ID and Client Secret Obtain these values from the Keys tab on the app profile via My Apps on the developer site. Make sure you get them development keys section on this tab.
Scope Specify: openid email profile
State This can be any string. It provides information that might be useful to your application upon receipt of the response. The Intuit Authorization Server roundtrips this parameter, so your application receives the same value it sent.
Client Authentication Set to Send client credentials in body

Using the collections in a production environment

To use the collections in a production environment you need the folllowing:

  • Access to your production keys
  • A paid or trial subscription to QuickBooks Online. Your production keys will not authorize a sandbox company.
  • Set { {baseURL} } to