Portal OAuth API

The Avalara Portal OAuth API provides OAuth token generation and session management endpoints for implementing authentication in Avalara platform integrations, supporting credential-based authentication and SAML assertions.

OpenAPI Specification

avalara-portal-oauth-openapi.yml
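# OpenAPI 3.1 description of the Avalara identity endpoints defined below:
# token issuance, the authorization redirect, and token revocation.
openapi: 3.1.0
info:
  title: Avalara Portal OAuth API
  description: >-
    The Avalara Portal OAuth API provides OAuth token generation and session
    management endpoints for implementing authentication in Avalara platform
    integrations, supporting credential-based authentication and SAML assertions.
  # Quoted so the version stays the string "1.0" rather than a float.
  version: '1.0'
  contact:
    name: Avalara Developer Relations
    url: https://developer.avalara.com/
    # The address reached this copy as the masked text "[email protected]".
    # It is quoted here because an unquoted leading "[" opens a YAML flow
    # sequence, which turns the field into a list instead of the string that
    # OpenAPI expects for contact.email.
    # TODO: restore the real contact address from the upstream spec.
    email: '[email protected]'
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
  termsOfService: https://legal.avalara.com/#siteterms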
externalDocs:
  description: Portal OAuth API Documentation
  url: https://developer.avalara.com/api-reference/oauth/oauth/
# Single server entry. Every path below resolves against this HTTPS origin,
# which is where the secrets, codes and assertions in the request bodies go.
servers:
- url: https://identity.avalara.com
  description: Avalara Identity Production
tags:
- name: Authentication
  description: OAuth token generation and management
# Empty top-level security requirement: no security scheme applies to any
# operation, and no securitySchemes are visible in this document. Client
# authentication is instead modelled as client_id / client_secret fields in
# the form bodies of the operations below.
# NOTE(review): tooling that derives auth from `security` (gateways, scanners,
# generated clients) will treat these endpoints as unauthenticated. Confirm
# that is the intended reading.
security: []
paths:
  # Token endpoint: a form-encoded POST that exchanges client credentials, an
  # authorization code, or a SAML assertion for an access token.
  /connect/token:
    post:
      operationId: getToken
      summary: Avalara Obtain an Access Token
      description: >-
        Obtains an OAuth 2.0 access token using client credentials, authorization
        code, or SAML assertion grant types.
      tags:
      - Authentication
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              # client_secret is required for every grant type, so as written
              # only clients able to hold a secret can call this operation.
              # It travels in the request body; keep request-body logging off
              # for this path and keep the secret out of source control.
              required:
              - grant_type
              - client_id
              - client_secret
              properties:
                grant_type:
                  type: string
                  # NOTE(review): TokenResponse can carry a refresh_token, but
                  # no refresh_token grant is listed here. Confirm how refresh
                  # tokens are redeemed.
                  enum:
                  - client_credentials
                  - authorization_code
                  - urn:ietf:params:oauth:grant-type:saml2-bearer
                  description: OAuth 2.0 grant type
                client_id:
                  type: string
                  description: OAuth client ID
                client_secret:
                  type: string
                  description: OAuth client secret
                scope:
                  type: string
                  description: Requested scopes (space-delimited)
                # code, redirect_uri and assertion are optional in this schema.
                # The descriptions tie each to one grant type, but nothing here
                # (no oneOf / if-then) enforces that pairing, so a validator
                # accepts e.g. an authorization_code request without `code`.
                code:
                  type: string
                  description: Authorization code (for authorization_code grant)
                # NOTE(review): presumably must equal the redirect_uri sent to
                # /connect/authorize; not stated here, so verify.
                redirect_uri:
                  type: string
                  description: Redirect URI (for authorization_code grant)
                # NOTE(review): encoding is not stated. RFC 7522 specifies a
                # base64url-encoded assertion; confirm against the server.
                assertion:
                  type: string
                  description: SAML assertion (for SAML grant)
      responses:
        # The 200 body contains bearer credentials (see TokenResponse); treat
        # it as secret in logs, traces and error reports.
        '200':
          description: Token generated successfully
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TokenResponse'
        # 400 and 401 share the OAuthError body; the `error` code is what tells
        # a malformed request apart from a failed client authentication.
        '400':
          description: Invalid request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OAuthError'
        '401':
          description: Invalid credentials
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OAuthError'
  # Authorization endpoint: a browser-facing GET that starts the authorization
  # code flow. All inputs are query parameters, so they end up in browser
  # history, proxy logs and Referer headers. No secret belongs here.
  /connect/authorize:
    get:
      operationId: authorize
      summary: Avalara Authorization Endpoint
      description: >-
        Initiates the OAuth 2.0 authorization code flow by redirecting
        the user to the Avalara login page.
      tags:
      - Authentication
      # NOTE(review): no PKCE parameters (code_challenge,
      # code_challenge_method) are described. Confirm whether the server
      # accepts them; if it does, they are missing from this spec.
      parameters:
      # Only the authorization-code response type is described.
      - name: response_type
        in: query
        required: true
        schema:
          type: string
          enum:
          - code
      - name: client_id
        in: query
        required: true
        schema:
          type: string
      # NOTE(review): presumably must match a redirect URI registered for
      # client_id. The spec does not say how it is validated; verify.
      - name: redirect_uri
        in: query
        required: true
        schema:
          type: string
      - name: scope
        in: query
        schema:
          type: string
      # Optional in this schema. Clients should still send an unguessable
      # per-request value and compare it when the redirect comes back: it is
      # what binds the callback to the session that started the flow
      # (CSRF defence, RFC 6749 section 10.12).
      - name: state
        in: query
        schema:
          type: string
      responses:
        # Only the success redirect is documented; how invalid client_id or
        # redirect_uri values are reported is not described here.
        '302':
          description: Redirect to login page
  # Revocation endpoint: a form-encoded POST that invalidates an access or
  # refresh token.
  /connect/revocation:
    post:
      operationId: revokeToken
      summary: Avalara Revoke a Token
      description: Revokes an active access or refresh token.
      tags:
      - Authentication
      requestBody:
        required: true
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              # Only `token` is mandatory in this schema.
              required:
              - token
              properties:
                # The token being revoked is itself a credential; keep
                # request-body logging off for this path.
                token:
                  type: string
                # Optional hint naming which kind of token was passed.
                token_type_hint:
                  type: string
                  enum:
                  - access_token
                  - refresh_token
                # NOTE(review): client credentials are optional here, unlike
                # /connect/token. Confirm whether the server requires client
                # authentication before honouring a revocation.
                client_id:
                  type: string
                client_secret:
                  type: string
      responses:
        # Only 200 is documented; no error body is described.
        # NOTE(review): if the server follows RFC 7009 it also answers 200 for
        # unknown or already-invalid tokens, so a 200 alone does not show that
        # the token was live. Confirm.
        '200':
          description: Token revoked
components:
  schemas:
    # Success body of /connect/token.
    # No `required` list is declared, so a validator accepts a response that is
    # missing access_token or token_type.
    # NOTE(review): RFC 6749 section 5.1 makes both mandatory; consider
    # marking them required once confirmed against the server.
    TokenResponse:
      type: object
      properties:
        # Bearer credential: per token_type below, holding this string is
        # enough to use it. Keep it out of logs, URLs and client-side storage
        # that other origins can read.
        access_token:
          type: string
          description: The OAuth 2.0 access token
        token_type:
          type: string
          enum:
          - Bearer
        # Given in seconds, per the description.
        expires_in:
          type: integer
          description: Token expiry time in seconds
        scope:
          type: string
          description: Granted scopes
        # Issued only in some cases ("if applicable"); which ones is not
        # stated. As a credential it deserves at least the same handling
        # as access_token.
        refresh_token:
          type: string
          description: Refresh token (if applicable)
    # Error body shared by the 400 and 401 responses of /connect/token.
    OAuthError:
      type: object
      properties:
        # Machine-readable code. The six values are the token-endpoint error
        # codes defined in RFC 6749 section 5.2.
        error:
          type: string
          enum:
          - invalid_request
          - invalid_client
          - invalid_grant
          - unauthorized_client
          - unsupported_grant_type
          - invalid_scope
        # Free text with no format constraint in this schema; clients should
        # branch on `error` and treat this as display or diagnostic text only.
        error_description:
          type: string