Auth Token


The TaxBit APIs use bearer tokens to authenticate requests. TaxBit uses two different bearer tokens:

Tenant Scoped Bearer Token: The tenant scoped bearer token is the primary authorization mechanism. It allows you to make requests to the following endpoints:

  • Users
  • Account Owner
  • Transactions
  • Assets
  • Documents
  • Form Items
  • Gains
  • Inventory
  • Payers
  • Recon

Account Owner Scoped Bearer Token: The Account Owner Scoped Bearer token is primarily used when leveraging TaxBit's W8/W9 solution. This authorization mechanism allows you to submit and retrieve Tax Documentation to/from TaxBit on Account Owner’s behalf. This token allows you to make requests to the following endpoints:

  • Tax Documentation

Available Actions

  • Request a Tenant Scoped Bearer Token: Take this action to request a tenant scoped bearer token. Once you receive a tenant scoped bearer token, it is valid for 24 hours.
  • Request an Account Owner Scoped Bearer Token: Take this action to generate an account owner-scoped bearer token. This token serves as the authorization mechanism enabling you to submit and access Tax Documentation on behalf of the account owner. It is specifically designed for use with Tax Documentation endpoints and is primarily employed by customers using our W8/W9 solution.


Your TaxBit API credentials will be shared with you as part of the onboarding process. You can access your API credentials in the SendSafely account provided by your Implementation Manager.

Obtain your API credentials, including your client ID, client secret, and tenant_ id, from your TaxBit Implementation Manager.

To retrieve an account owner scoped bearer token, you first need to create an Account Owner. (POST accountOwner link). You will need the Account Owner ID that is returned upon creation to get this bearer token.

Token Security

The credentials provided will be:

  • client_id
  • client_secret
  • tenant_id

A bearer token is required for all subsequent API calls, so be sure to keep it secure. Don’t share your credentials and bearer tokens in publicly accessible areas. Use secure communication channels, such as HTTPS, when transmitting the token to and from the API.

Each token is only valid for 24 hours. After a token expires, it will be necessary to request a replacement token from this endpoint.

Refreshing the Token

The Bearer Token expires 24 hours after generation. When the token expires, retrieve a new token to continue accessing the API.