I have a need to run periodic batch queries against Quickbooks Online. Is there a way to accomplish this with a service account which does not require user interaction?
Related
I am writing an api using the msgraph api which should be able to read mail from shared mailboxes. I have setup the application in Azure and have given the following permission (my app is running as its own service and not on behalf of an user)
What I am confused about is
Why does it show Delegated, all the rest of my permissions to the application show Application.
Since this is an application how does an user share a particular mailbox with this application, what I can think of is to create a service account, then this application impersonates that service account and then uses the service account to access the shared mail, but this sounds like a really complicated process and am wondering if I'm heading down the correct path.
thanks in advance.
From the Microsoft graph permissions reference, Mail Permissions Mail.Read.Shared and Mail.Send.Shared require a signed in user which is why the permissions show up as delegated. To the best of my knowledge, there isn't currently a way to access shared mailboxes via Ms graph without a signed in user.
Please let me know if this helps, and if you have further questions.
Design
Outlook Add-in that shows sales specific information based on the message (content, sender, etc)
Daemon that subscribes to new messages for the sales team and processes messages as they come in. Runs with application authentication
Scenario
We are developing a multi-tenant add-in that show sales specific information based on the email they are viewing. Since the sales team may be a single person, group or multiple people.
Question
How would the daemon running as an application use the graph to pull in users assigned to it?
Office 365 Admin Screenshot
You would need an Azure AD Application registered with Mail.Read persmissions. The add-in would sign in as the user. Then have the add-in subscribe to the users mailbox on the users behalf. The subscription would include the URL of a backend web api that Microsoft Graph subscription service would call.
You would need to register a new Azure AD Application (if you don't have one created already) for the backend web api. Then you would want to grant the correct permissions scopes to it. For your scenario you would require each tenant to admin consent this application, because you would need access to messages in many users mailboxes using application permission Mail.Read. The reason for this is because the webhook does not call your web api with any user token that you could use to then actual fetch the details of the message.
More info on change notifications (webhooks) is here https://learn.microsoft.com/en-us/graph/webhooks
I'm developing an application on Microsoft Graph that runs as a daemon, and needs access to many accounts. As a result, I'm using a service account, also known as client credentials (using this method).
I can request the proper scope (calendars.readwrite) however as far as I can see, I cannot restrict to which calendars I have access. In my case, I only need access to the meetingroom calendars, and I'm afraid that organisations will not allow my application if I can also read and write from/to the CEO's calendar.
Is there any way (either while creating the app, or during/after giving admin consent) to restrict my app to only a subset of calendars? Or should I approach this problem differently and (e.g.) not use a service account in the first place?
I have a rails web based app which has users which will be vendors in QuickBooks Online. Users will signup in my rails application with email address and these users will be verified by Admin at EOD manually. I want to write a service/job in rails which will connect to QuickBooks online and create the verified users as vendors in QuickBooks.
My problem is QuickBooks rest API uses OAuth which requires user to enter quickbooks user and password on UI to get the token but my service will be offline, so how can I achieve this?
My problem is QuickBooks rest API uses OAuth which requires user to enter quickbooks user and password on UI
... exactly ONCE, and then NEVER AGAIN.
Repeat - You only have to log in ONCE, and ONLY ONCE, and then NEVER AGAIN.
Log in once, the very first time you deploy your Rails app, and then never log in again.
There should be no issue here. The docs cover this as well:
https://developer.intuit.com/docs/0100_quickbooks_online/0100_essentials/000500_authentication_and_authorization/0005_your_app_user_experience
https://developer.intuit.com/docs/0100_quickbooks_online/0100_essentials/000500_authentication_and_authorization/connect_from_within_your_app
https://oauth.net/core/1.0/#auth_step3
I have created a sample .NET web app that connects to QuickBooks Online and using pages/forms in the app I can create/update customer records in QB. I would like to know how customer records in my database can be migrated to QB Online so that user does not have to explicitly logon to QB online. I read about WebConnector but it works with desktop version of QB. So I need to have ability to be able to create/update records in QB Online (using a background process) whenever customer records are added or updated in my SQL Server database without connecting to QB Online.
I am thinking of writing a WCF windows service that will call QBOnline API to do this work periodically but not sure how I will connect that service to QB Online. Please suggest if QB supports this (and how) or I have to force users to logon to QB to create/update customers.
I would like to know how customer records in my database can be migrated to QB Online so that user does not have to explicitly logon to QB online.
The very first time you establish a connection to QuickBooks Online, the user must login.
That only needs to be done ONCE. After that very first time, you should be storing your OAuth tokens, and you can send data over anytime you want without any user interaction what-so-ever.
If that's not the behavior you're seeing, it's probably because you're not storing the OAuth tokens like you should be.
I read about WebConnector but it works with desktop version of QB.
Do not use the Web Connector. If you've already implemented a sample .NET web app that connects to QuickBooks Online, then you're on the right path.
I am thinking of writing a WCF windows service that will call QBOnline API
Why would you do this? This is making things so much harder than they have to be... you already implemented a sample .NET web app, keep doing what you're doing.
Please suggest if QB supports this (and how)
It does.
You already implemented a sample app, which means you've already done what you're asking to do. Just make sure you're storing the OAuth tokens so you don't have to keep reconnecting all the time. The connection process by the user should happen ONLY ONCE. If it's happening more than once, you're not storing the tokens like you should be.