> ## Documentation Index
> Fetch the complete documentation index at: https://docs.taxrock.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Read the compliance data of a TaxRock user's clients, after one-time consent.

The TaxRock Delegate API lets your application read TaxRock
data **on a TaxRock user's behalf**, after the user grants consent once. It is a standard
OAuth 2.0 **Authorization Code + PKCE** integration.

## How it works

<Steps>
  <Step title="The user connects (once)">
    You send the user to TaxRock to log in and consent. TaxRock redirects back to
    your app with an authorization code.
  </Step>

  <Step title="Your backend gets tokens">
    Exchange the code for a long-lived **refresh token** and a short-lived
    **access token**. Store the refresh token securely, per end-user.
  </Step>

  <Step title="You call the API">
    Send the access token as a `Bearer` credential. When it expires (\~1 hour),
    exchange the refresh token for a new one.
  </Step>
</Steps>

Start with the [Quickstart](/quickstart) to get from zero to a successful call.

## Sandbox vs. production

Everything defaults to the **sandbox** while you build. Two base URLs change between
environments. The `audience` is the same in both.

|                | Auth domain              | API base                                | Audience                           |
| -------------- | ------------------------ | --------------------------------------- | ---------------------------------- |
| **Sandbox**    | `login-demo.taxrock.com` | `https://delegate-demo.api.taxrock.com` | `https://delegate.api.taxrock.com` |
| **Production** | `login.taxrock.com`      | `https://delegate.api.taxrock.com`      | `https://delegate.api.taxrock.com` |

<Note>
  Your `client_id` and `client_secret` are delivered to you per environment. Send us
  your **callback URL** so we can register it before the connect flow will work.
</Note>
