# Authentication Methods

Source: https://developer.avalara.com/avatax-dm-combined-erp/common-setup/authentication/authentication-methods/

# Authentication Methods

AvaTax uses [basic HTTP](https://en.wikipedia.org/wiki/Basic_access_authentication) authentication to connect to the API. Let’s describe exactly how to authenticate your API calls in AvaTax.

For HTTP Basic authentication, AvaTax supports two options:

-   Your AvaTax username and password
-   Your AvaTax account number and license key

Which style of authentication should you choose?

-   If you are building a connector that customers will set up and use on their premises, use **Account ID/License Key** authentication.
-   Otherwise, use **Username/Password** authentication.

Below are examples showing how to use each approach.

## Username and password authentication

The simplest type of authentication uses a username and a password. If you use an AvaTax SDK, this encoding is done for you transparently. Just provide your credentials and the SDK will do all the work! For example, here’s how the AvaTax SDK for C# implements username/password authentication:

```
// Create a client and set up authenticationvar Client = new AvaTaxClient("MyTestApp", "1.0", Environment.MachineName, AvaTaxEnvironment.Sandbox)    .WithSecurity("MyUsername", "MyPassword");
```

Click here to learn how to construct an authentication token for AvaTax using your username and password:

TASK

RESULT

Start with the  word`Basic` followed by username, a colon, and password. There are no spaces between any values.

`Basic username:password`  

Replace`username` with your username, and`password` with your password. Ensure that there are no whitespace characters unless those characters are part of your username or password.

`Basic bob@example.org:bobspasswordgoeshere`  

Now use your favorite [Base64 encoding program](https://www.google.com/webhp#q=base64+encoding) to encode the right hand side of the string.

`Basic Ym9iQGV4YW1wbGUub3JnOmJvYnNwYXNzd29yZGdvZXNoZXJI`  

Add this to the`Authorization` header in your HTTP request.

`Authorization: Basic Ym9iQGV4YW1wbGUub3JnOmJvYnNwYXNzd29yZGdvZXNoZXJI`

## License key authentication

Each AvaTax account has one (and only one!) license key. Because each account is tied to one environment, this means a customer will typically have two license keys: one license key for Sandbox, and one license key for Production.

A license key is generated by an account administrator on the [AvaTax website](https://admin.avalara.com) or by calling the [AccountResetLicenseKey API](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Accounts/AccountResetLicenseKey/).

### Generate a license key using the API

When generating a license key using the [AccountResetLicenseKey API](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Accounts/AccountResetLicenseKey/), you must provide a valid account ID and set the`confirmResetLicenseKey` flag to`true`.

```
curl    -X POST    -H 'Accept: application/json'    -H 'Authorization: Basic ${btoa(`:`)}'    -H 'Content-Type: application/json'    --data '{      "accountId": 123456789,      "confirmResetLicenseKey": true    }' 'https://sandbox-rest.avatax.com/api/v2/accounts/{id}/resetlicensekey'
```

### Generate a license key through the AvaTax website

-   Log on to the AvaTax website for the appropriate environment.
-   Click on **Settings**
-   Click on **Reset License Key**

As you’ll notice, this page is restricted to only account administrators. Keep in mind that you only have one license key, and Avalara is unable to recover this key!

When you generate a new license key, all older license keys are immediately revoked and no longer usable. This is helpful because if your license key is lost or stolen you can revoke it instantly. However, generating a new key is a risk because this may affect existing systems using the AvaTax calculation engine.

Click here to learn how to construct an authorization using an Avalara License Key:

TASK

RESULT

Start with the  word`Basic` followed by username, a colon, and password. There are no spaces between any values.

`Basic username:password`  

Replace`username` with your username, and`password` with your password. Ensure that there are no whitespace characters unless those characters are part of your username or password.

`Basic bob@example.org:bobspasswordgoeshere`  

Now use your favorite [Base64 encoding program](https://www.google.com/webhp#q=base64+encoding) to encode the right hand side of the string.

`Basic Ym9iQGV4YW1wbGUub3JnOmJvYnNwYXNzd29yZGdvZXNoZXJI`  

Add this to the`Authorization` header in your HTTP request.

`Authorization: Basic Ym9iQGV4YW1wbGUub3JnOmJvYnNwYXNzd29yZGdvZXNoZXJI`

[Previous](/avatax-dm-combined-erp/common-setup/authentication/sandbox-vs-production)

[Next](/avatax-dm-combined-erp/common-setup/authentication/ping-the-server)