As of December 17th, 2019, Intuit’s QuickBooks Online service now uses OAuth 2.0 in order to facilitate authentication for third-party applications such as the FM Books Connector Online plug-in.

If your deployment version of FM Books Connector Online is older than version, you must upgrade your deployment to the latest version. After December 17th, 2019, any attempts to connect with OAuth 1.0 will be declined by Intuit.

You can download the new versions here:

For our users, the authentication process will be the same as or similar to the original process.  The plug-in will launch authentication with PCQO_BeginSession, the user will be prompted to log into their Intuit account and authorize the plug-in to communicate with their QuickBooks Online company, Windows users will copy their session ticket from the website into FileMaker to pass to PCQO_Authorize, and finally the plug-in will be authenticated.


Version 3 Automatic Refresh Process

The major key difference is the timing of the session tokens. Changes to the Intuit Authentication process from OAuth 1 to OAuth 2 have reduced the amount of time a session token lasts, from 6 months to 1 hour. As a result, version 3 of the FM Books Connector Online plug-in will automatically refresh its session when it needs to.

Due to the possibility that a session could be refreshed whenever calling PCQO_SLoadSessionInfo or PCQO_RqExecute, we recommend making a call to PCQO_SSaveSessionInfo after such functions, as the solution requires. Server-side implementations of the plug-in should be calling PCQO_SSaveSessionInfo after the initial load session attempt before launching into a PSOS workflow as recommended in the Developer’s Guide.  For an example of handling an automatic refresh, please refer to the PCQO_Demo_Serverside.fmp12 solution and scripting.


Known Issue:  “invalid_client” Error Result

When connecting to a company, it is possible to receive an “invalid_client” authentication error when loading a session string from FileMaker. The common cause of this error is that the session information string has been loaded on another machine and has since been refreshed, but that machine has not saved its updated session to FileMaker. To resolve this, please ensure that any workflow that loads session information will also immediately save their session information to FileMaker, as it may change due to being automatically refreshed. Sessions may also be saved after issuing calls to PCQO_RqExecute, as execution may also result in an automatic refresh. This error is most common in server-side deployments. Beginning a session anew will also resolve the “invalid_client” error; this will also invalidate any existing sessions that may be stored, so use it if any other resolution attempts fail.


Known Issue (Mac server-side): PCQO_SLoadSessionInfo “Failed to Decode Authentication String” Error

We have noticed on Mac server-side deployments on macOS 10.15 Catalina that the attempt to load the session during a PSOS script call may result in an error that the plug-in could not decode the authentication string. In testing, we have found success in working around this by calling the PCQO_SLoadSessionInfo function a second time. See below for an example of an updated authentication workflow run on server-side:

Please see the Authentication section of the Developers Guide for more details. If you have questions, please email us at