QuickBooks Online MCP Server
Community QuickBooks Online MCP server with full CRUD for invoices, bills, customers, vendors, and accounting
Score Breakdown
Server Info
- Package
- @qboapi/qbo-mcp-server
- Registry
- npm
- Repository
- intuit/quickbooks-online-mcp-server
- Maintainer
- IntuitVendor
- Category
- Finance & Payments
- Tags
- accountinginvoicesquickbooks
- Last Scanned
- 7 Apr 2026
Findings
8 issuesAuthentication & Identity
LOWImplements MCP OAuth spec for per-user authentication
The correct official Intuit repository implements OAuth 2.0 authentication to QuickBooks Online (users authenticate directly with the upstream Intuit service), with an interactive OAuth fallback when the refresh token is dead. It also adds opt-in QUICKBOOKS_DISABLE_WRITE/UPDATE/DELETE permission controls. The prior score was based on a non-existent repo (qboapi/qbo-mcp-server, 404).
Document the required OAuth scopes for each tool.
Tool Schema Quality
HIGHRequired fields missing on 1 write operations
Write tools without required field declarations: delete_customer.
Add required arrays to all write/delete tool schemas.
MEDIUMOnly 10 of 50 schemas have parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
CRITICALDangerous execution surface: delete_customer uses z.any() for idOrEntity parameter
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
LLM Safety
MEDIUM5 tool descriptions are too vague
Short or generic descriptions make tool selection unreliable.
Expand descriptions with specific actions, data types, and side effects.
Data Exposure
LOWNo field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Maintenance & Trust
LOWCommunity-maintained by qboapi (community)
No official vendor backing.
Seek vendor verification.
HIGH18 dependency vulnerabilities (3 critical, 9 high)
npm audit found 3 critical and 9 high severity CVEs.
Run `npm audit fix` and update vulnerable dependencies.
Tools
50 total| Name | Description | Risk |
|---|---|---|
| create_account | Create a chart-of-accounts entry in QuickBooks Online. | write |
| create_bill_payment | Create a bill payment in QuickBooks Online. | write |
| create-bill | Create a bill in QuickBooks Online. | write |
| create_customer | Create a customer in QuickBooks Online. | write |
| create_employee | Create an employee in QuickBooks Online. | write |
| create_estimate | Create an estimate in QuickBooks Online. | write |
| create_invoice | Create an invoice in QuickBooks Online. | write |
| create_item | Create an item in QuickBooks Online. | write |
| create_journal_entry | Create a journal entry in QuickBooks Online. | write |
| create_purchase | Create a purchase in QuickBooks Online. | write |
| create-vendor | Create a vendor in QuickBooks Online. | write |
| delete_bill_payment | Delete (make inactive) a bill payment in QuickBooks Online. | admin |
| delete-bill | Delete a bill in QuickBooks Online. | admin |
| delete_customer | Delete (make inactive) a customer in QuickBooks Online. | admin |
| delete_estimate | Delete (void) an estimate in QuickBooks Online. | admin |
| delete_journal_entry | Delete (make inactive) a journal entry in QuickBooks Online. | admin |
| delete_purchase | Delete (make inactive) a purchase in QuickBooks Online. | admin |
| delete-vendor | Delete a vendor in QuickBooks Online. | admin |
| get_bill_payment | Get a bill payment by Id from QuickBooks Online. | read |
| get-bill | Get a bill by ID from QuickBooks Online. | read |
| get_customer | Get a customer by Id from QuickBooks Online. | read |
| get_employee | Get an employee by Id from QuickBooks Online. | read |
| get_estimate | Get an estimate by Id from QuickBooks Online. | read |
| get_journal_entry | Get a journal entry by Id from QuickBooks Online. | read |
| get_purchase | Get a purchase by Id from QuickBooks Online. | read |
| get-vendor | Get a vendor by ID from QuickBooks Online. | read |
| read_invoice | Read a single invoice from QuickBooks Online by its ID. | read |
| read_item | Read a single item in QuickBooks Online by its ID. | read |
| search_accounts | Search chart-of-accounts entries using criteria. | read |
| search_bill_payments | Search bill payments in QuickBooks Online that match given criteria. | read |
| search_bills | Search bills in QuickBooks Online that match given criteria. | read |
| search_customers | Search customers in QuickBooks Online that match given criteria. | read |
| search_employees | Search employees in QuickBooks Online that match given criteria. | read |
| search_estimates | Search estimates in QuickBooks Online that match given criteria. | read |
| search_invoices | Search invoices in QuickBooks Online using criteria (maps to node-quickbooks findInvoices). | read |
| search_items | Search items in QuickBooks Online using criteria (maps to node-quickbooks findItems). | read |
| search_journal_entries | Search journal entries in QuickBooks Online that match given criteria. | read |
| search_purchases | Search purchases in QuickBooks Online that match given criteria. | read |
| search_vendors | Search vendors in QuickBooks Online that match given criteria. | read |
| update_account | Update an existing chart-of-accounts entry in Quickbooks. | write |
| update_bill_payment | Update a bill payment in QuickBooks Online. | write |
| update-bill | Update a bill in QuickBooks Online. | write |
| update_customer | Update an existing customer in QuickBooks Online. | write |
| update_employee | Update an employee in QuickBooks Online. | write |
| update_estimate | Update an estimate in QuickBooks Online. | write |
| update_invoice | Update an existing invoice in Quickbooks by ID (sparse update). | write |
| update_item | Update an existing item in Quickbooks by ID (sparse update). | write |
| update_journal_entry | Update a journal entry in QuickBooks Online. | write |
| update_purchase | Update a purchase in QuickBooks Online. | write |
| update-vendor | Update a vendor in QuickBooks Online. | write |
Deploy QuickBooks Online MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow