Authentication with API Keys
When you create a Tax ID Pro account, an API key is generated for you automatically. You can view your API key and generate additional keys, up to a total of three, by logging in and visiting your settings page. Treat your API keys like passwords and keep them secret.
API requests may be authorized in one of two ways:
- Include your API key as an HTTP header (recommended)
- Include your API key as a query parameter
Authorization Header Example (Recommended)
Including your key in the Authorization header is the recommended approach, as it will work for all request types, it prevents cross-origin abuse, and it will eliminate the need to include your key as a query parameter. Here is an example using the Axios HTTP library to set the header:
const res = await axios.get('https://v3.api.taxid.pro/validate', {
params: { country: 'ca', tin: '365742618', type: 'individual' },
headers: { Authorization: 'Bearer YOUR_API_KEY' },
})
Query Parameter Example
Your key may be included as a query parameter on any request. Here is an example of a validation request for any type of tax id using a query parameter to set the API key:
GET https://v3.api.taxid.pro/validate
?country=pl
&tin=4928621937
&type=individual
&api_key=YOUR_API_KEY
Keeping your API Key Secure
You must not use your API key in client-side code. Keep your API key a secret and only use it in server-side code that is not publicly accessible. Proxy your API requests through your server to prevent theft and abuse of the API key. Protect your server endpoints using a CORS policy that only allows traffic from hosts that you control and trust.
If you need assistance setting up your implementation, don't hesitate to contact us!