ml-connector
QuickBooks OnlineGoCardless

QuickBooks Online and GoCardless integration

QuickBooks Online runs invoicing and accounts receivable. GoCardless collects recurring bank debit payments. Connecting the two keeps your customer invoice data and payment collection system in agreement. Unpaid invoices and customer records flow into GoCardless so new bank mandates can be set up without re-keying customer details, and payment and payout records flow back into QuickBooks Online so your general ledger and aged receivables are reconciled without manual re-entry. ml-connector handles the very different APIs on each side and keeps the data fresh on a schedule you control.

How QuickBooks Online works

QuickBooks Online exposes invoices, customers, payments, accounts, departments, and journal entries through the REST API v3 at https://quickbooks.api.intuit.com/v3/company/{realmId}, authenticated with OAuth 2.0 Authorization Code flow. Access tokens expire in 1 hour and refresh tokens rotate every 24-26 hours, requiring a new token exchange on each rotation. QuickBooks Online also publishes webhooks for Create, Update, Delete, and Merge operations on invoices, customers, payments, and other entities, but webhook payloads contain only the entity ID and operation - full records must be fetched via GET. A CDC (change data capture) endpoint is available at /v3/company/{realmId}/cdc for polling with 30-day history if webhooks are not preferred. All updates require an exact object representation with a SyncToken for concurrency control.

How GoCardless works

GoCardless exposes customers, mandates, payments, subscriptions, payouts, and refunds through a REST API at https://api.gocardless.com, authenticated with a bearer token passed in the Authorization header. The API version is sent via the GoCardless-Version header (2015-07-06). GoCardless publishes webhooks for real-time payment, mandate, and payout events, with payloads signed using HMAC-SHA256 - the signature must be verified before processing and a 2xx response must be returned only on a valid signature (returning 200 on a bad signature causes GoCardless to mark the endpoint healthy and stop retrying). Payouts and refunds are read-only, created automatically by GoCardless. Personal access tokens do not expire by default.

What moves between them

Invoices and customers flow from QuickBooks Online into GoCardless first. For each customer in QuickBooks Online, a GoCardless customer is created or updated, and for each unpaid invoice, a payment mandate and recurring subscription are created in GoCardless, so bank debit collections can begin without re-keying. Payment records and payout summaries then flow back from GoCardless into QuickBooks Online on a daily basis, matched to the original invoices by customer ID and invoice number, and posted as payment entries in the general ledger. Bank payout schedules and settlement reports keep your cash forecast aligned with actual collections.

How ml-connector handles it

ml-connector stores the QuickBooks Online OAuth 2.0 refresh token encrypted and exchanges it for a fresh access token before each request cycle. When the refresh token rotates (every 24-26 hours), the new token is captured from the response and re-encrypted before the stale token is purged - this prevents auth chain breakage if a rotation is missed. On the GoCardless side, the bearer token is stored encrypted and the webhook endpoint is registered with GoCardless to receive payment and payout events. For every webhook received, ml-connector verifies the HMAC-SHA256 signature against the raw request body and the shared webhook secret before processing - a bad signature causes the request to be rejected with no 2xx response, so GoCardless knows to retry. QuickBooks Online objects carry a SyncToken for optimistic concurrency control - if another system updates the same invoice or customer while ml-connector has a copy, the update fails with a conflict error and the latest version is fetched and retried. Unpaid invoices are polled from QuickBooks Online on a daily schedule or via webhook, and for each customer and invoice pair, ml-connector checks if a GoCardless subscription already exists to avoid creating duplicates. GoCardless payment amounts are integers in the smallest currency unit (pence, cents, etc.), and ml-connector converts from QuickBooks Online decimal amounts before posting. Every payment record is stamped with a unique external ID to prevent double-posting if a webhook is received twice.

A real-world example

A small online retail business runs QuickBooks Online for invoicing and accounting, and uses bank mandates to collect subscription fees and recurring orders from customers. Before the integration, the accounting team entered each customer and invoice manually into GoCardless when setting up collections, and at month-end they downloaded payment reports from GoCardless and re-entered totals into QuickBooks Online to reconcile their aged receivables and general ledger. With QuickBooks Online and GoCardless connected, each customer and invoice is synced automatically when created in QuickBooks Online, payment collections happen on schedule without manual setup, and payment and payout records flow back into QuickBooks Online daily so reconciliation happens automatically. The manual data entry is gone and the accounting team spends month-end close actually closing the books instead of chasing invoice and payment discrepancies.

What you can do

  • Sync unpaid invoices and customer records from QuickBooks Online into GoCardless to set up payment mandates and recurring collections without re-keying.
  • Fetch payment and payout records from GoCardless and post them into QuickBooks Online's general ledger, matched to the original invoices by customer and amount.
  • Refresh QuickBooks Online OAuth 2.0 tokens on rotation and cache them encrypted so auth chain breakage does not happen.
  • Verify GoCardless webhook signatures and reject unsigned or tampered events before posting payment data into QuickBooks Online.
  • Track every invoice, payment, and payout record with an audit trail and idempotency key to prevent duplicate postings and support dispute handling.

Questions

Which direction does data move between QuickBooks Online and GoCardless?
Invoices and customers flow from QuickBooks Online into GoCardless first so payment mandates can be set up. Payments and payouts then flow from GoCardless back into QuickBooks Online so the general ledger and aged receivables are reconciled. Payout schedules are read-only in GoCardless, so ml-connector does not write settlement records back to the payment processor.
How does the integration handle QuickBooks Online's OAuth 2.0 refresh token rotation?
QuickBooks Online refresh tokens rotate every 24-26 hours and a new token is issued in the response when the old one is exchanged. ml-connector captures the new token from the response, re-encrypts it, and purges the old one before the next request cycle. This prevents auth chain breakage if a rotation is missed or delayed.
What happens if a GoCardless webhook is received twice or the signature does not match?
Every payment record is stamped with a unique external ID to prevent double-posting if a webhook is received twice. For signature verification, ml-connector computes HMAC-SHA256 against the raw request body and compares it to the Webhook-Signature header - if the signature does not match, the request is rejected without a 2xx response so GoCardless knows to retry.

Related integrations

More QuickBooks Online integrations

QuickBooks Online and Adobe CommerceQuickBooks Online and ADPQuickBooks Online and AdyenQuickBooks Online and AirbaseQuickBooks Online and Amazon Seller CentralQuickBooks Online and AnaplanQuickBooks Online and SAP AribaQuickBooks Online and AsanaQuickBooks Online and AvalaraQuickBooks Online and AvidXchangeQuickBooks Online and BambooHRQuickBooks Online and Basware

Other systems that connect to GoCardless

Acumatica and GoCardlessDATEV and GoCardlessDeltek and GoCardlessMicrosoft Dynamics 365 Business Central and GoCardlessMicrosoft Dynamics 365 F&O and GoCardlessMicrosoft Dynamics GP and GoCardlessMicrosoft Dynamics NAV and GoCardlessEpicor Kinetic and GoCardlessExact Online and GoCardlessFreshBooks and GoCardlessIFS Cloud and GoCardlessInfor CloudSuite and GoCardless

Connect QuickBooks Online and GoCardless

Free to use. Add your credentials, ping your real systems, and see if we fit.

Get started