The TaxRock Delegate API lets your application read a TaxRock user’s tax-compliance data on that user’s behalf, after the user grants consent once. It is a standard OAuth 2.0 Authorization Code + PKCE integration.

What you can read

Two read-only endpoints, both looking up a business by its EIN:

Client account lookup

A client-account-wide compliance summary — every taxpayer on the account, plus not-yet-onboarded pending taxpayers.

Taxpayer lookup

A single business taxpayer’s compliance summary.

How it works

1. The user connects (once)

   You send the user to TaxRock to log in and consent. TaxRock redirects back to your app with an authorization code.

2. Your backend gets tokens

   Exchange the code for a long-lived refresh token and a short-lived access token. Store the refresh token securely, per end-user.

3. You call the API

   Send the access token as a Bearer credential. When it expires (~1 hour), exchange the refresh token for a new access token.

Start with the Quickstart to get from zero to a successful call.
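
An added example, not TaxRock's own code: step 1 of the flow above in Python, generating the PKCE verifier and challenge plus a `state` value, building the sandbox authorization URL, and validating the redirect before the code is exchanged. The `/authorize` path, passing `audience` as an authorization parameter, and the function names are assumptions; take the real values from the Quickstart.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_DOMAIN = "login-demo.taxrock.com"         # sandbox auth domain (from this page)
AUDIENCE = "https://delegate.api.taxrock.com"  # same in sandbox and production
AUTHORIZE_PATH = "/authorize"                  # ASSUMPTION: confirm in the Quickstart


def s256_challenge(verifier: str) -> str:
    """RFC 7636 S256: BASE64URL(SHA-256(verifier)) with padding stripped."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def start_connect(client_id: str, redirect_uri: str) -> tuple[str, dict]:
    """Return the URL to send the user to, plus values to keep in their session."""
    verifier = secrets.token_urlsafe(64)  # 86 chars; RFC 7636 allows 43-128
    state = secrets.token_urlsafe(32)     # binds the callback to this browser session
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # must match the callback URL registered with TaxRock
        "audience": AUDIENCE,          # ASSUMPTION: sent as an authorize parameter
        "state": state,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    })
    url = f"https://{AUTH_DOMAIN}{AUTHORIZE_PATH}?{query}"
    return url, {"state": state, "code_verifier": verifier}


def finish_connect(callback_url: str, session: dict) -> tuple[str, str]:
    """Validate the redirect; return (code, code_verifier) for the token exchange."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    # Constant-time comparison on bytes, so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(returned_state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0], session["code_verifier"]
```

Keep the `state` and `code_verifier` values server-side in the user's session; the verifier is sent only from your backend during the token exchange in step 2.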

Sandbox vs. production

Everything defaults to the sandbox while you build. Two base URLs change between environments; the audience is the same in both.

| Environment | Auth domain | API base | Audience |
| --- | --- | --- | --- |
| Sandbox | login-demo.taxrock.com | https://delegate-demo.api.taxrock.com | https://delegate.api.taxrock.com |
| Production | login.taxrock.com | https://delegate.api.taxrock.com | https://delegate.api.taxrock.com |

Your client_id and client_secret are delivered to you per environment. Send us your callback URL so we can register it; the connect flow will not work until it is registered.