Chapter 1.2 - Authentication
These items must appear in your request header:
||Unique identifier for your company. Avalara provides this during account creation. Your Client ID is the same across all environments.|
Encode your API KeyThe
api_keyis your Customer Portal "username:password" encoded in Base64. For example, if your username is
firstname.lastname@example.org your password is
Zmlyc3QubGFzdEBhdmFsYXJhLmNvbTpzZWNyZXRwYXNzd29yZCE=. The Communications REST v2 Swagger page automatically generates your api_key for you. To generate the api_key on the Swagger page:
- Enter your username in the
- Enter your password in the
- Click the
api_keyfield. Copy and save this value for later use.
You can also encode a plaintext string to Base64 in Windows Powershell using the following script:
api_keycontains a "=" (for example,
Zmlyc3QubGFzdEBhdmFsYXJhLmNvbTpzZWNyZXRwYXNzd29yZCE=), the cUrl statement in Swagger encodes the "=" special character to the ASCII "%3D" value (
Zmlyc3QubGFzdEBhdmFsYXJhLmNvbTpzZWNyZXRwYXNzd29yZCE%3D). The "%3D" value is decoded to "=" during authentication and does not impact the authentication request.
NoteDifferent factors can impact your
api_key, namely different username capitalization. Usernames are not case sensitive, but passwords are. Base64 encoded values for usernames
First.Last@avalara.comare different but are treated as being identical behind the scenes during authentication. Base64 encoded values for passwords
SecretPassword!are different and cause authentication to fail because the password is not what is expected.