User Role
This document provides technical details for using the new Role API to retrieve user role information in the context of a given company.
API URL:
Role API is exposed under a new endpoint. Make a POST request to the endpoint below.
Endpoint:
Prod: https://public.api.intuit.com/2020-04/graphql
E2E: https://public-e2e.api.intuit.com/2020-04/graphql
Required Headers:
Content-Type: application/json
Authorization: OAuth2 authorization header using new scope.
Scopes:
User role data is protected under a new scope com.intuit.identity.user.roles.read. For apps that are already using the internal Role API, we will honor the tokens that were generated using com.intuit.identity.accounts.restricted scope to support their existing customers.
- For existing customers - Continue to use the tokens generated using com.intuit.identity.accounts.restricted scope.
- For new customers - Use the following scope com.intuit.identity.user.roles.read.
Note: Apps should also be onboarded to the new scope before they can start using it.
API request:
Note: Before making the API call, generate an OAuth token by requesting the scope com.intuit.identity.user.roles.read, and send that token in the request header.
Queries:
Request user role for a realm
{
  user {
    role (realmId: "9130349878530396") {
      type
      status
      hasPayroll
    }
  }
}
Sample Response
{
  "data": {
    "user": {
      "role": {
        "type": "ADMIN",
        "status": "ACTIVE",
        "hasPayroll": true
      }
    }
  }
}
Request user role for an invalid realm
{
  user {
    role (realmId: "9130349878530397") {
      type
      status
      hasPayroll
    }
  }
}
Sample Response
{
  "errors": [
    {
      "message": "User id not part of the realm!",
      "locations": [
        {
          "line": 3,
          "column": 3
        }
      ],
      "path": [],
      "extensions": {
        "code": "VAL-1002",
        "innerMessage": "User id not part of the realm!",
        "classification": "VALIDATION_ERROR"
      }
    }
  ]
}
Description of Fields:
Note: Can share schema file if needed.
Field | DataType | Description
role (argument realmId, required) | String | Company id for which the user role is needed
type | Enum - ADMIN, EMPLOYEE | Indicates the role type for the user such as ADMIN or EMPLOYEE
status | Enum - ACTIVE, INACTIVE | Indicates user’s status within the company such as ACTIVE or INACTIVE
hasPayroll | Boolean | Indicates if user has payroll access
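A client for the request and responses documented above, written so that authorization decisions fail closed when the response carries an errors array (such as VAL-1002) or the user is INACTIVE. This is an added example, not Intuit's code; the function names, the Bearer token format and the digits-only realm id check are assumptions.

```python
import json
import re
import urllib.request

ENDPOINT = "https://public.api.intuit.com/2020-04/graphql"  # Prod endpoint from this page
QUERY = '{ user { role (realmId: "%s") { type status hasPayroll } } }'


def build_request(realm_id, access_token):
    """Build the POST request; realm_id is validated before it enters the query text."""
    # Assumption: realm ids are digit strings, as in the page's sample request.
    if not re.fullmatch(r"[0-9]{1,32}", realm_id):
        raise ValueError("realm id must be digits only")
    body = json.dumps({"query": QUERY % realm_id}).encode()
    headers = {"Content-Type": "application/json",
               # Assumption: the OAuth2 access token is sent as a Bearer token.
               "Authorization": "Bearer " + access_token}
    return urllib.request.Request(ENDPOINT, data=body, headers=headers, method="POST")


def parse_role(payload):
    """Return the role dict, or None when the response has errors or no role object."""
    if payload.get("errors"):
        return None
    role = ((payload.get("data") or {}).get("user") or {}).get("role")
    return role if isinstance(role, dict) else None


def is_active_admin(payload):
    """True only for an explicit ADMIN role with ACTIVE status; anything else is a deny."""
    role = parse_role(payload)
    return bool(role) and role.get("type") == "ADMIN" and role.get("status") == "ACTIVE"


def can_access_payroll(payload):
    """True only when the user is ACTIVE and hasPayroll is the JSON boolean true."""
    role = parse_role(payload)
    return bool(role) and role.get("status") == "ACTIVE" and role.get("hasPayroll") is True


def fetch_role(realm_id, access_token, timeout=10):
    """Send the query and return the decoded JSON body (needs network and a valid token)."""
    request = build_request(realm_id, access_token)
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return json.load(response)
```
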