> ## Documentation Index > Fetch the complete documentation index at: https://docs.taxrock.com/llms.txt > Use this file to discover all available pages before exploring further. # TaxRock Delegate API > Read a TaxRock user's tax-compliance data on that user's behalf, after one-time consent. The TaxRock Delegate API lets your application read a TaxRock user's tax-compliance data **on that user's behalf**, after the user grants consent once. It is a standard OAuth 2.0 **Authorization Code + PKCE** integration. ## What you can read Two read-only endpoints, both looking up a business by its EIN: A client-account-wide compliance summary — every taxpayer on the account, plus not-yet-onboarded pending taxpayers. A single business taxpayer's compliance summary. ## How it works You send the user to TaxRock to log in and consent. TaxRock redirects back to your app with an authorization code. Exchange the code for a long-lived **refresh token** and a short-lived **access token**. Store the refresh token securely, per end-user. Send the access token as a `Bearer` credential. When it expires (\~1 hour), exchange the refresh token for a new one. Start with the [Quickstart](/quickstart) to get from zero to a successful call. ## Sandbox vs. production Everything defaults to the **sandbox** while you build. Two base URLs change between environments; the `audience` is the same in both. | | Auth domain | API base | Audience | | -------------- | ------------------------ | --------------------------------------- | ---------------------------------- | | **Sandbox** | `login-demo.taxrock.com` | `https://delegate-demo.api.taxrock.com` | `https://delegate.api.taxrock.com` | | **Production** | `login.taxrock.com` | `https://delegate.api.taxrock.com` | `https://delegate.api.taxrock.com` | Your `client_id` and `client_secret` are delivered to you per environment. Send us your **callback URL** so we can register it before the connect flow will work.