Skip to main content

Authentication

All API requests require OAuth2 Client Credentials authentication.

Getting Access Token

curl -X POST https://auth.vatcompliance.com/oauth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET"

Response:

{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
  "token_type": "Bearer",
  "expires_in": 36000
}

Using the Token

Include the token in all API requests:

curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  https://api.abacus.com/api/...

Token Management

Implement automatic refresh before expiration
Store tokens securely
Use separate tokens for sandbox and production

Sandbox Environment

Base URL: https://auth.dev.vatcompliance.com/oauth/token
Same authentication flow
Test credentials provided during onboarding

Getting Access Token
Using the Token
Token Management
Sandbox Environment