API Token Rotation Process FAQ

As we state here, TaxJar support can reset your API Token.  Below are frequently asked questions regarding rotating API tokens: 

Who is able to request an API token rotation for a TaxJar account?
Who is considered an admin user of a TaxJar account?
What does TaxJar Support need to know before they are able to reset or rotate an API token?
What is the process that TaxJar takes when they reset an API token?

Who is able to request an API token rotation for a TaxJar account?

  • The account owner, or an admin user, of the TaxJar account can write into support@taxjar.com and request an API token rotation.
  • Please note, TaxJar will not rotate an API token at the request of a user who is not the account owner or an admin user for the TaxJar account.

Who is considered an admin user of a TaxJar account?

  • If a TaxJar account has multiple users, only users who have been designated with the  Administrator Role, and the Account Owner would have the permissions available to request an API token rotation. 
  • You can read more about TaxJar account role permissions in our knowledge base here
  • Additionally, if you need to know how to create additional users and roles in a Professional TaxJar account, you can follow the steps included in this article, which explains how to add multi-user access and roles to a TaxJar account.

What does TaxJar Support need to know before they are able to reset or rotate an API token?

  • The user requesting the change needs to be verified as the account owner or an admin user for the TaxJar account.
  • If the TaxJar account has the maximum number of API tokens (3), the Support Team will need to know which API token the user would like to have revoked, before a new API token can be generated.

What is the process that TaxJar takes when they reset an API token?

  1. After verifying that the rotation request is coming from an approved user, the Support Team will create a new API token.
  2. The Support Team will then send an email to the user who requested the change (as well as to the email address of the account owner) informing them of the change and requesting that the user switch to the new API token.
  3. When the user has replied back and confirmed that they have switched to the newly generated API token, the TaxJar Support Team will revoke the old API token.

If the user has 3 API tokens the process differs slightly and instead occurs as follows:

  1. After verifying that the rotation request is coming from an approved user, the Support Team will ask the user to provide the last 4 digits of the API token that they would like to have revoked.
  2. Once confirmed, the Support Team will revoke the specified API token and then generate a new API token.
  3. The Support Team will then send an email to the user who requested the change (as well as to the email address of the account owner) informing them of the change and requesting that the user switch to the new API token.