# Data and access requirements

Source: https://developer.avalara.com/ai-onboarding/ozz3966690078677/

# Data and access requirements

This topic describes the data access, API access, permissions, and safeguards required to support AI-assisted onboarding and post onboarding monitoring workflows.

## ERP system access

This section describes the ERP system data and context required by the connector application and AI agent.

Table 1. ERP system data and context access

Category

Details

**Read**

-   Entity, Company Information
-   Location (address sublist)
-   Customer (addresses/contacts)
-   Item (all types)
-   Transaction history (for economic nexus analysis)
-   Avalara connector preferences/mappings

**Write**

-   Item AvaTax tax code fields
-   Custom Onboarding Run records
-   Connector settings (no transactional posting during onboarding)

**Context**

-   Current page and record context
-   Record type and identifier
-   Page context used for screen-aware AI responses

## AvaTax APIs

This section lists the AvaTax APIs used during onboarding and post onboarding workflows.

-   **Company APIs**: Used to read and manage AvaTax company configuration.

    -   `[QueryCompanies](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Companies/QueryCompanies/)`
    -   `[CreateCompanies](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Companies/CreateCompanies/)`
    -   `[GetCompany](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Companies/GetCompany/)`
    -   `[UpdateCompany](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Companies/UpdateCompany/)`
    -   `[CompanyInitialize](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Companies/CompanyInitialize/)`
    -   `[GetCompanyConfiguration](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Companies/GetCompanyConfiguration/)`
-   **Nexus APIs**: Used to manage physical and economic nexus declarations.

    -   `[ListNexusByCompany](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Nexus/ListNexusByCompany/)`
    -   `[CreateNexus](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Nexus/CreateNexus/)`
    -   `[GetNexus](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Nexus/GetNexus/)`
    -   `[UpdateNexus](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Nexus/UpdateNexus/)`
    -   `[DeleteNexus](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Nexus/DeleteNexus/)`
    -   `[DeclareNexusByAddress](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Nexus/DeclareNexusByAddress/)`
-   **Item APIs**: Used for item classification and tax code assignment.

    -   `[ListItemsByCompany](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Items/ListItemsByCompany/)`
    -   `[CreateItems](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Items/CreateItems/)`
    -   `[UpdateItem](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Items/UpdateItem/)`
    -   `[ListItemClassifications](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Items/ListItemClassifications/)`
    -   `[CreateItemClassifications](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Items/CreateItemClassifications/)`
    -   `[TaxCodeRecommendations](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Items/GetItemTaxCodeRecommendations/)`
-   **Addresses API**: Used to validate addresses and determine jurisdiction.

    `[ResolveAddressPost](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Addresses/ResolveAddressPost/)`

    -   Address validation and geocoding

    -   Jurisdiction identification

## ECMS and customer APIs

This section lists the ECMS and customer APIs used by onboarding workflows.

**Customer APIs**: Used to synchronize customer records.

-   `[QueryCustomers](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Customers/QueryCustomers/)`
-   `[CreateCustomers](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Customers/CreateCustomers/)`
-   `[GetCustomer](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Customers/GetCustomer/)`
-   `[UpdateCustomer](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Customers/UpdateCustomer/)`

**Certificate APIs**: Used to manage exemption certificates.

-   `[QueryCertificates](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Certificates/QueryCertificates/)`
-   `[CreateCertificates](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Certificates/CreateCertificates/)`
-   `[UploadCertificateImage](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Certificates/UploadCertificateImage/)`
-   `[LinkCertificatesToCustomer](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Customers/ListCertificatesForCustomer/)`

**CertExpress API**: Used to support customer-driven certificate submission and renewal.

`[CreateCertExpressInvitation](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/CertExpressInvites/CreateCertExpressInvitation/)`

-   Email and URL generation for customer self-service
-   Renewal campaign support

## User permissions

This section describes the user permissions required in AvaTax and the ERP system to perform onboarding and post onboarding workflows.

Table 2. User permission requirements

Area

Requirements

**AvaTax permissions**

**CompanyAdmin** or higher permission level is required to create and manage AvaTax companies, declare and update nexus, manage item tax codes, and perform customer and certificate–related configuration.

**ERP permissions**

Administrator-level access is required to manage entities, items, customers, and connector settings

**Credentials**

AI-assisted workflows reuse the AvaTax credentials already configured in the connector application. No separate authentication or additional credentials are required.

## AI and LLM layer

This section describes how the AI and language model layer handles data, produces outputs, and applies guardrails during onboarding and post onboarding workflows.

Table 3. AI and LLM layer behavior

Area

Description

**Data handling**

AI processing is hosted within a secure environment. Personally identifiable information, including customer data and exemption certificates, is processed with appropriate safeguards. Data access is limited to what is required to generate recommendations and explanations.

**Outputs**

The AI generates ranked suggestions with supporting rationale, configuration recommendations, and AvaTax tax code classification suggestions. All outputs are presented for user review and approval before execution.

**Guardrails**

The AI provides recommendations only and doesn’t implement write operations independently. All configuration changes require explicit user confirmation and follow the confirm then implement execution model.