# AvaTax configuration window

Source: https://developer.avalara.com/vat-erp/designing/avatax-configuration-window/

**Element type:** Required

**Endpoints/models used:** [QueryCompanies](https://developer.avalara.com/api-reference/avatax/rest/v2/methods/Companies/QueryCompanies/)

Your configuration dialog window must allow the user to specify the following configuration/connection information:

-   Service URL to access the connector (for example, Production or Sandbox)

-   Sign in with an account number/license key or with username/password

![A screenshot showing an example AvaTax configuration window.](https://avalara-devdocs-prod.mcoutput.com/vat-erp/Resources/Images/DevDot/avatax_settings_504x305.png)  

## Configuring authentication

When configuring the authentication method, keep in mind that account ID/license key and username/password authentication are similar in practice. So, why would you choose one over the other? Let’s look at the advantages and disadvantages of license key authentication.

-   Advantages:

    -   License keys have stronger entropy when compared to a username/password, and are harder to attack.

    -   Account ID / license key authentication isn’t user-specific and won’t expire if one user resets their password.

    -   All basic authentication headers are protected by strong SSL encryption in transit to Avalara.

-   Disadvantages:

    -   There’s only one license key for each account.

    -   Revoking your license key will cause all API calls with the old license key to fail.

    -   It isn’t possible to identify individual users taking an action when license key authentication is used.

Usually, use account ID / license key authentication when implementing connectors. As indicated above, your software should have a configuration page or file that allows a customer to type in their credentials when they set up your connector; then all API calls made through your connector will use these credentials.

**Advice**: When designing a method for users to authenticate, consider providing a way to mask the password as the user is typing it, along with an option to show the password.