Skip to main content
Avalara Help Center

Update your CertCapture for eCommerce Integration


You received email alerts about improvements to CertCapture for eCommerce released on June 14th, 2018 or received a pop-up alert in the CertCapture application reminding you to update. This article contains instructions for updating your ecommerce integration to use tokenization.

See Install CertCapture for eCommerce if this is your first time installing the integration.

Important Notes:

  • If you're updating your ecomm integration to use an authorization token, remove "?cid=[value]&key=[value]" from the URL used in your JavaScript.
  • Node.js and JavaScript examples should be used for reference only. Avalara does not recommend storing API credentials in JavaScript.
  • For the security of your customer's data, please use a server side implementation


  • An eCommerce API username and password
  • An understanding of JavaScript and custom scripting
  • This API is delivered through a JavaScript 
    • The JavaScript tag must be referenced on any webpage making API calls 
  • To allow customers to edit existing purchaser information, set the edit_purchaser function to true. See Customize your script with functions

eCommerce Plugin Demo

Generate an example script with your token and parameters at the Avalara Developer resource center.


What happens to my ecommerce integration if I don't update it? October 30th, 2018

The integration continues to work without an update, but certain functionality now requires an authorization token for increased security.

Customers using an ecommerce integration that hasn't been updated:

  • Can't view and complete a document with custom fields
  • Can't review or edit their customer information on repeated visits to your ecommerce platform
  • Can't view or download a PDF copy of the exemption document after it's been submitted to your ecommerce platform
  • Can't validate tax numbers when completing federal withholding forms January 9, 2019

On January 9th, 2019, the CertCapture for eCommerce integration will require an authorized token to function. Any integration that has not been updated by this date will generate an error when attempting to load.

Update your CertCapture eCommerce integration

A website with CertCapture for eCommerce must now request an authorization token from CertCapture before your customer can create an exemption document. To ensure uninterrupted communication between your ecommerce platform and CertCapture, your website administrator should follow these steps.

You'll reference an API endpoint in our CertCapture REST API documentation.

  1. Sign into CertCapture and go to Settings > Company Settings > Company Details > eCommerce Settings, and then click Manage eCommerce Account.
    • Only a user with Admin permissions can access this setting
    • If this tab isn't present, an Admin must enable eCommerce in Settings > Account Settings > Account Details > Features.
  2. Enter a username, API password, and your CertCapture email address. Click Save
    • You'll use the username and API password again in Step 4
    • If you have multiple CertCapture companies, you may re-use an email address but must use a different username for each company you set up an ecommerce integration for
  3. Go to Settings > Company Settings > Company Details > Company Information and note the Company ID.
    • You'll also use the Company ID in Step 4
    • The API refers to the Company ID value as the client-id
  4. Generate a token using the username and password you just created, and the Company (client) ID. 
    • Tokens expire after one hour. Avalara recommends using a unique token per session
      • If a session lasts longer than sixty minutes, CertCapture refreshes the token to avoid interruptions
    • Token generation requires
      1. A customer number identifying the customer interacting with the ecommerce integration
      2. Your Company ID, which the API refers to as the client-id
    • Generate the token using the headers specified in the API documentation: x-client-id, Authorization, and x-customer-number 
      • Example: 'x-client-id': '12345', 'Authorization': 'Basic MYAUTHSTRING=', 'x-customer-number': '123'
      • Using the wrong headers causes the error: "You do not have any exposures exempt at this time"
      • To test that your token is valid, paste it in the Encoded section of this site. Payload Data should contain "customer_number" and "client_id"
    • Use the drop-downs above the Header section on the right to view code examples in different languages, including Javascript, cURL, PHP, and more
    • The token code should be installed server side. 
  5. IMPORTANT: Remove "?cid=[value]&key=[value]" from the URL in your JavaScript. 
    • The new URL should be 
  6. The API endpoint generates a JSON Web Token that facilitates security between CertCapture and your platform for each ecommerce customer that creates an exemption document. This endpoint must be called from your web application server to retrieve an authentication token for each ecommerce customer.
  7. Token values should be incorporated into the scripts on your front-end site. 

A JavaScript tag must be added to your webpage by your company's web developer. Include this JavaScript tag on any application page that requires use of the CertCapture for eCommerce form.

<script src=""></script>

See Install CertCapture for eCommerce for incorporating your token, initializing your webform, and customizing your webform with functions.


Simple Script Example Advanced Script Example

           <script src=""></script>
        <div id="form_container"></div>
            GenCert.init(document.getElementById("form_container"), {

                // The token and zone must set to start the process!!!

                token: ‘<token generated from your web application server>’,
                ship_zone: 'New York',

        <script src=""></script>
        <div id="form_container"></div>
            GenCert.init(document.getElementById("form_container"), {

              // The token and zone must set to start the process!

                token: ‘<token generated from your web application server>’,

                onCertSuccess: function() {

                  alert('Certificate successfully generated with id:' + GenCert.certificateIds);

                  window.location = '/home';


                onCancel: function() {

                  window.location = '/home';



            GenCert.setCustomerNumber('CustomerTestGencert4'); // create customer

            customer = new Object();

   = 'TEST NAME';

            customer.address1 = '1300 EAST CENTRAL';

   = 'San Francisco';

            customer.state = 'California';

   = 'United States';

   = ‘555-555-5555’;

            customer.fax = ‘555-555-5555’;

   = '89890';




  • Was this article helpful?