# Configuring authentication

Source: https://developer.avalara.com/products/ecm/integration-guides/document-management/ztc4788162197830/

Guide: Exemption Certificate Management (ECM)

# Configuring authentication

Understand the advantages and disadvantages of account ID/license key authentication to configure the best method for your needs.

When configuring the authentication method, keep in mind that account ID/license key and username/password authentication are similar in practice. So, why would you choose one over the other? Let’s look at the advantages and disadvantages of license key authentication.

-   Advantages:

    -   License keys have stronger entropy when compared to a username/password, and are harder to attack.

    -   Account ID/license key authentication isn’t user-specific and won’t expire if one user resets their password.

    -   All basic authentication headers are protected by strong SSL encryption in transit to Avalara.

-   Disadvantages:

    -   There’s only one license key for each account.

    -   Revoking your license key will cause all API calls with the old license key to fail.

    -   It isn’t possible to identify individual users taking an action when license key authentication is used.

Usually, use account ID/license key authentication when implementing connectors. As indicated above, your software should have a configuration page or file that allows a customer to type in their credentials when they set up your connector; then all API calls made through your connector will use these credentials.

Tip

When designing a method for users to authenticate, consider providing a way to mask the password as the user is typing it, along with an option to show the password.

**Parent topic:** [AvaTax configuration window](/document-management/gpv1621199904590/ "Understand the required elements and endpoints for configuring the AvaTax connection.")