Wolters Kluwer CCH® SureTax®

    Batch Upload API

    API Authentication

    The Batch Upload API supports the following forms of authentication:

    OAuth

    OAuth 2.0

    OAuth (Open Authorization) is an open standard for access delegation. It allows users to grant third-party applications limited access to their resources without sharing their credentials. OAuth is commonly used for token-based authentication. Follow the steps below to configure OAuth 2.0.

    Step 1: Client Registration
    To use the API, Wolters Kluwer and the SureTax Solution Team will need to register your application.

    What You Need to Provide

    • Application Name
    • Application Description
    • Redirect URL

    What You Will Receive

    After registration, you will receive your Client Credentials: a Client ID and a Client Secret.

    Step 2: Obtain Authorization from the Resource Owner
    Having received your **Credentials**, it is now time to obtain authorization to access the SureTax API Gateway.

    What You Need to Do

    • Redirect the User: Direct the user to the authorization server's authorization endpoint, sending in the Client ID, requested Scopes, and Redirect URI that you received in the previous step.

    • Handle the Redirect: After the user grants permission, handle the redirect from the authorization server, which includes an Authorization Code.

    Step 3: Exchange Authorization Code for Access Token
    In this step, the customer's application will exchange the authorization code for an access token.

    What the Customer Needs to Do:

    • Token Request: Make a POST request to your token endpoint. Include the following parameters in the request body:
      • client_id: Your application's client ID.
      • client_secret: Your application's client secret.
      • scope: The scope defines the access permissions granted to an application.
      • grant_type: Specifies the authentication method used to obtain an access token.

    What to Expect from Your API:

    • Response: Upon successful exchange, your API will return a JSON response containing:
      • access_token: The token used to authenticate API requests.
      • token_type: The type of the token, usually "Bearer".
      • expires_in: The lifetime of the access token in seconds.
      • expires_on: This parameter specifies the timestamp at which the token will expire.
      • refresh_token: A token used to obtain a new access token when the current one expires.
      • scope: The scopes granted by the access token.

    Example of a Response:

    {
      "access_token": "ACCESS_TOKEN_HERE",
      "token_type": "Bearer",
      "not_before": 1736374022,
      "expires_in": 3600,
      "expires_on": 1736377622,
      "resource": "RESOURCE_GUID"
    }
    
    Step 4: Access Protected Resources

    The customer’s application uses the access token to access protected resources.

    What the Customer Needs to Do:

    • API Request: Include the access token in the Authorization header of API requests to your protected resources.
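
    An added example (not Wolters Kluwer code) of client-side handling for the token response shown in Step 3: it validates the response, honours not_before and expires_on, and only then builds the Authorization header for Step 4. The function names and the 60-second skew margin are assumptions, and no real endpoint is contacted.

```python
import json
import time

CLOCK_SKEW = 60  # assumed tolerance in seconds; tune for your environment

# Constructed sample with the same shape as the example response on this page.
SAMPLE_RESPONSE = """{"access_token": "ACCESS_TOKEN_HERE", "token_type": "Bearer",
 "not_before": 1736374022, "expires_in": 3600, "expires_on": 1736377622,
 "resource": "RESOURCE_GUID"}"""

class TokenError(ValueError):
    """Raised when a token response is malformed or the token is not usable."""

def parse_token_response(body):
    """Validate the JSON token response and keep only the fields relied on."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise TokenError("token response is not a JSON object")
    token = data.get("access_token")
    if not isinstance(token, str) or not token:
        raise TokenError("missing access_token")
    if str(data.get("token_type", "")).lower() != "bearer":
        raise TokenError("unexpected token_type")
    try:
        not_before = int(data.get("not_before", 0))
        expires_on = int(data["expires_on"])
    except (KeyError, TypeError, ValueError):
        raise TokenError("missing or non-numeric expires_on/not_before") from None
    if expires_on <= not_before:
        raise TokenError("expires_on is not after not_before")
    return {"access_token": token, "not_before": not_before,
            "expires_on": expires_on}

def is_usable(token, now=None):
    """True inside the validity window, with a skew margin before expiry."""
    now = time.time() if now is None else now
    return (token["not_before"] - CLOCK_SKEW <= now
            < token["expires_on"] - CLOCK_SKEW)

def auth_header(token, now=None):
    """Build the Step 4 Authorization header; refuse stale tokens."""
    if not is_usable(token, now):
        raise TokenError("token expired or not yet valid; request a new one")
    # Never log this header: the bearer token is a credential.
    return {"Authorization": "Bearer " + token["access_token"]}
```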
    © Wolters Kluwer and/or its affiliates. All rights reserved.