Open this URL in the user’s browser to start the connect flow. The user logs in to TaxRock and consents, and TaxRock then redirects to your registered callback with ?code=...&state=.... This is an interactive browser redirect, not a JSON endpoint. Verify that the state value returned to your callback matches the one you sent, then exchange the returned code at Get or refresh a token.

Query parameters

response_type (string, required): Must be code.

client_id (string, required): Your client ID for the environment.

redirect_uri (string, required): Your callback URL, registered with TaxRock.

scope (string, required): Space-delimited. Use offline_access read:client-accounts. The offline_access scope is what yields a refresh token.

audience (string, required): https://delegate.api.taxrock.com (the same in both environments).

code_challenge (string, required): The PKCE S256 challenge derived from your code_verifier.

code_challenge_method (string, required): Must be S256.

state (string): An opaque value echoed back to your callback. Verify it matches what you sent.

See the Authentication Details reference for more information.
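
The client side of the connect flow described above, as an added Python example (not TaxRock's own code): it generates the PKCE code_verifier and the state value, builds the authorize URL from the parameters listed, and checks state on the callback before returning the code. AUTHORIZE_URL is a placeholder because this page does not show the authorize endpoint, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder: not from the page. Use the authorize URL for your environment.
AUTHORIZE_URL = "https://auth.example.invalid/authorize"


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def s256_challenge(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def start_connect(client_id: str, redirect_uri: str) -> tuple:
    """Return (authorize URL, values to keep in the user's server-side session)."""
    pending = {
        "code_verifier": b64url(secrets.token_bytes(32)),  # 43 characters
        "state": b64url(secrets.token_bytes(32)),  # unguessable, one per attempt
    }
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "offline_access read:client-accounts",
        "audience": "https://delegate.api.taxrock.com",
        "code_challenge": s256_challenge(pending["code_verifier"]),
        "code_challenge_method": "S256",
        "state": pending["state"],
    }
    return AUTHORIZE_URL + "?" + urlencode(params), pending


def handle_callback(callback_url: str, pending: dict) -> str:
    """Check state against the stored value, then return the code to exchange."""
    query = parse_qs(urlsplit(callback_url).query)
    returned_state = query.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), pending["state"].encode()):
        raise ValueError("state mismatch: discard this callback")
    if "code" not in query:
        raise ValueError("callback carries no code")
    return query["code"][0]
```

Keep the code_verifier with the stored state; it is sent when the code is exchanged, never in the authorize URL.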