# AvaTax and Document Management configuration window

Source: https://developer.avalara.com/avatax-dm-combined-erp/common-setup/design-the-user-experience/admin/avatax-dm-configuration-window/

# AvaTax and Document Management configuration window

**Element type: Required**

**Enpoints used:** [QueryCompanies](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Companies/QueryCompanies/)

The configuration window for an AvaTax + Document Management integration must allow users to specify the following configuration/connection information:

-   Service URL to access the connector (for example, Production or Sandbox)
-   [Login with Account Number/License Key or with Username/Password](/avatax-dm-combined-erp/common-setup/authentication/authentication-methods)
-   [Company Code dropdown with lookup](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Companies/QueryCompanies/)

## Configuring authentication

When configuring the [authentication method](/avatax-dm-combined-erp/common-setup/authentication/authentication-methods), keep in mind that account ID/license key and username/password authentication are very similar in practice. So why would you choose one over the other? Let’s look at the advantages and disadvantages of license key authentication.

-   Advantages:
    -   License keys have much stronger entropy when compared to a username/password, and are harder to attack.
    -   Account ID / license key authentication is not user-specific and will not expire if one user resets their password.
    -   All basic authentication headers are protected by strong SSL encryption in transit to Avalara.
-   Disadvantages:
    -   There is only one license key for each account.
    -   Revoking your license key will cause all API calls with the old license key to fail.
    -   It is not possible to identify individual users taking an action when license key authentication is used.

Your software should have a configuration page or file that allows a customer to type in their their credentials when they set up your connector; then all API calls made through your connector will use these credentials.

**Advice:** When designing a method for users to authenticate, consider providing a way to mask the password as the user is typing it, along with an option to show the password.

## Configuring company code lookup

The [QueryCompanies API](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Companies/QueryCompanies/) is a method to [test your connection](/avatax-dm-combined-erp/common-setup/design-the-user-experience/admin/avatax-test-connect-button). This endpoint will retrieve either the single company that you configured and it to the form in your UI, or if you have multiple, it will return a dropdown list of your configured companies.

```
curl    -X GET    -H 'Accept: application/json'    -H 'Authorization: Basic ${btoa(`:`)}'    'https://sandbox-rest.avatax.com/api/v2/companies'
```

[Previous](/avatax-dm-combined-erp/common-setup/configure-your-account/configuring-avatax-faq)

[Next](/avatax-dm-combined-erp/common-setup/design-the-user-experience/admin/avatax-test-connect-button)