Batch Upload API

API Authentication

The Batch Upload API supports the following forms of authentication

OAuth

OAuth 2.0

OAuth (Open Authorization) is an open standard for access delegation. It allows users to grant third-party applications limited access to their resources without sharing their credentials. OAuth is commonly used for token-based authentication. Follow the steps below to configure OAuth 2.0

Step 1: Client Registration
To use the API, Wolters Kluwer and the SureTax Solution Team will need to create an account in SureTax.

Find your credentials

  • 1. Log in to SureTax portal
  • 2. Go to account setttings
  • 3. In Client details
    • Get Base URL
    • Get Token URL
    • Get Scope
    • Get Client ID
    • Get Client secret

If you don't find this information or are unable to log in to SureTax, please reach out to support.

Step 2: Exchange Authorization Code for Access Token
In this step, the customer's application will exchange the authorization code for an access token.

What the Customer Needs to Do:

  • Token Request: Make a POST request using the Token URL. including the following parameters in the request body:
    • authorization_code: The authorization code received from the authorization server.
    • client_id: Your application's client ID.
    • client_secret: Your application's client secret.
    • redirect_uri: The URI where the authorization code was sent.

What to Expect from Your API:

  • Response: Upon successful exchange, your API will return a JSON response containing:
    • access_token: The token used to authenticate API requests.
    • token_type: The type of the token, usually "Bearer".
    • expires_in: The lifetime of the access token in seconds.
    • refresh_token: A token used to obtain a new access token when the current one expires.
    • scope: The scopes granted by the access token.

Example of a Response:

{
  "access_token": "ACCESS_TOKEN_HERE",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "REFRESH_TOKEN_HERE",
  "scope": "requested_scopes"
}
Step 3: Access Protected Resources

The customer’s application uses the access token to access protected resources.

What the Customer Needs to Do:

  • API Request: Include the access token (Bearer Token) in the Authorization header of API requests to your protected resources.