Authentication

All TaxStreem API requests are authenticated using an API key passed in the request header.

API key header

curl -X POST https://api.taxstreem.com/v1/flux/vat/single-filing \
  -H "x-api-key: txsm_test_SK489c..." \
  -H "Content-Type: application/json" \
  -d '{ ... }'
Security: Never expose your API key in client-side code, public repositories, or logs. Store it in environment variables or a secrets manager.

Rev360 credential encryption

Filing endpoints require an encryptedPayload that carries the business's Rev360 username and password, encrypted using your shared secret. This ensures credentials are never transmitted in plaintext.

// Node.js — encrypt Rev360 credentials
import TaxStreem from '@taxstreem/taxstreem-node';

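// Placeholder values: in real code, load both from environment variables
// or a secrets manager rather than hardcoding them.
const client = new TaxStreem({
  apiKey: 'txsm_test_SK...',
  sharedSecret: 'your_shared_secret',
});

// Encrypt the Rev360 credentials with the shared secret; the result is
// what filing endpoints expect as encryptedPayload.
const encryptedPayload = client.encryption.encryptRev360Credential({
  email: 'user@business.com',
  password: 'tpm_password',
});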

Sandbox vs production

  • Sandbox keys (txsm_test_) submit filings to a test environment. No real filings are created.
  • Production keys (txsm_live_) trigger real filings to NRS via Rev360.
  • Always develop and test against sandbox before going live.
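
The key-handling advice and the key prefixes above can be combined into a startup guard. This is an added example, not part of the TaxStreem SDK; the TAXSTREEM_API_KEY and APP_ENV variable names, the function names, and the policy of rejecting a test key in production are assumptions.

```javascript
// Added example, not part of the TaxStreem SDK. The variable names
// TAXSTREEM_API_KEY and APP_ENV are assumptions made for this sketch.
const KEY_MODES = { txsm_test_: 'sandbox', txsm_live_: 'production' };

// Map a key to its environment by the prefix documented above.
function keyMode(apiKey) {
  for (const [prefix, mode] of Object.entries(KEY_MODES)) {
    if (typeof apiKey === 'string' && apiKey.startsWith(prefix) &&
        apiKey.length > prefix.length) {
      return mode;
    }
  }
  throw new Error('API key missing or has an unrecognised prefix');
}

// Read the key from the environment and fail closed on a mismatch:
// a live key outside production, or a test key in production.
function loadApiKey(env) {
  const apiKey = env.TAXSTREEM_API_KEY;
  const mode = keyMode(apiKey);
  const expected = env.APP_ENV === 'production' ? 'production' : 'sandbox';
  if (mode !== expected) {
    // The message names the modes only, never the key itself.
    throw new Error(`refusing ${mode} key while APP_ENV expects ${expected}`);
  }
  return { apiKey, mode };
}

// Keep only the prefix so logs still show which environment was used.
function redactKey(apiKey) {
  const prefix = Object.keys(KEY_MODES).find((p) => String(apiKey).startsWith(p));
  return prefix ? `${prefix}[REDACTED]` : '[REDACTED]';
}

// Return a copy of request headers that is safe to log.
function headersForLog(headers) {
  const safe = {};
  for (const [name, value] of Object.entries(headers)) {
    safe[name] = name.toLowerCase() === 'x-api-key' ? redactKey(value) : value;
  }
  return safe;
}

// Constructed sample values, not real keys.
const sample = loadApiKey({ TAXSTREEM_API_KEY: 'txsm_test_EXAMPLEKEY', APP_ENV: 'development' });
console.log(sample.mode, headersForLog({ 'x-api-key': sample.apiKey, 'Content-Type': 'application/json' }));
```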