How do I find my Avatax API key?
Overview
What is my API Key and how do I find it?
Environment
Avalara Avatax API, Avalara Avatax
Resolution
-
AvaTax uses existing HTTP authentication standards: both basic HTTP authentication and OAuth 2.0 bearer token authentication. Both of these standards are well documented and have been in existence for a long time - which also means that over the past decades, many different people have implemented the standard in many different ways. Let’s describe exactly how to authenticate your API calls in AvaTax.
For HTTP Basic authentication, AvaTax supports two options:
- Your AvaTax username and password
- Your AvaTax account number and license key
-
The simplest type of authentication uses a username and a password. If you use an AvaTax SDK, this encoding is done for you transparently. Just provide your credentials and the SDK will do all the work! For example, here’s how the AvaTax SDK for C# implements username/password authentication:
// Create a client and set up authentication var Client = new AvaTaxClient("MyTestApp", "1.0", Environment.MachineName, AvaTaxEnvironment.Sandbox) .WithSecurity("MyUsername", "MyPassword");
If you are writing your own code, here’s how to construct an authentication token for AvaTax using your username and password:
TASK RESULT Start with the word Basic
followed by username, a colon, and password. There are no spaces between any values.Basic username:password
Replace username
with your username, andpassword
with your password. Ensure that there are no whitespace characters unless those characters are part of your username or password.Basic bob@example.org:bobspasswordgoeshere
Now use your favorite Base64 encoding program to encode the right hand side of the string. Basic Ym9iQGV4YW1wbGUub3JnOmJvYnNwYXNzd29yZGdvZXNoZXJl
Add this to the Authorization
header in your HTTP request.Authorization: Basic Ym9iQGV4YW1wbGUub3JnOmJvYnNwYXNzd29yZGdvZXNoZXJl
-
Legacy License Key Authentication
Each AvaTax account has one (and only one!) legacy license key. Since each account is tied to one environment, this means a customer will typically have two license keys: one license key for sandbox, and one license key for production.
A license key is generated by an account administrator on the AvaTax website, or by calling the AccountResetLicenseKey API. For the moment, let’s focus on how to get a license key through the AvaTax website. Here’s how to generate a license key:
- Log on to the AvaTax website for the appropriate environment.
- Click on Settings
- Click on Reset License Key
-
As you’ll notice, this page is restricted to only account administrators. Keep in mind that you only have one license key and Avalara is unable to recover this key!
When you generate a new license key, all older license keys are immediately revoked and no longer usable. This is helpful because if your license key is lost or stolen you can revoke it instantly. However, generating a new key is a risk because this may affect existing systems using the AvaTax calculation engine.
Let’s construct an authorization using an Avalara License Key:
TASK RESULT Start with the word Basic
followed by accountid and licensekey.Basic accountid:licensekey
Replace accountid
with your account ID number, andlicensekey
with the license key you generated above. Ensure that there are no whitespace characters - an account ID and license key will never have whitespace characters of any kind.Basic 123456789:123456789ABCDEF123456789ABCDEF
Now use your favorite Base64 encoding program to encode the right hand side of the string. Basic MTIzNDU2Nzg5OjEyMzQ1Njc4OUFCQ0RFRjEyMzQ1Njc4OUFCQ0RFRg==
Add this to the Authorization
header in your HTTP request.Authorization: Basic MTIzNDU2Nzg5OjEyMzQ1Njc4OUFCQ0RFRjEyMzQ1Njc4OUFCQ0RFRg==