openapi: 3.1.0 info: title: Avalara Portal OAuth API description: >- The Avalara Portal OAuth API provides OAuth token generation and session management endpoints for implementing authentication in Avalara platform integrations, supporting credential-based authentication and SAML assertions. version: '1.0' contact: name: Avalara Developer Relations url: https://developer.avalara.com/ email: developer.relations@avalara.com license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0 termsOfService: https://legal.avalara.com/#siteterms externalDocs: description: Portal OAuth API Documentation url: https://developer.avalara.com/api-reference/oauth/oauth/ servers: - url: https://identity.avalara.com description: Avalara Identity Production tags: - name: Authentication description: OAuth token generation and management security: [] paths: /connect/token: post: operationId: getToken summary: Avalara Obtain an Access Token description: >- Obtains an OAuth 2.0 access token using client credentials, authorization code, or SAML assertion grant types. tags: - Authentication requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object required: - grant_type - client_id - client_secret properties: grant_type: type: string enum: - client_credentials - authorization_code - urn:ietf:params:oauth:grant-type:saml2-bearer description: OAuth 2.0 grant type client_id: type: string description: OAuth client ID client_secret: type: string description: OAuth client secret scope: type: string description: Requested scopes (space-delimited) code: type: string description: Authorization code (for authorization_code grant) redirect_uri: type: string description: Redirect URI (for authorization_code grant) assertion: type: string description: SAML assertion (for SAML grant) responses: '200': description: Token generated successfully content: application/json: schema: $ref: '#/components/schemas/TokenResponse' '400': description: Invalid request content: application/json: schema: $ref: '#/components/schemas/OAuthError' '401': description: Invalid credentials content: application/json: schema: $ref: '#/components/schemas/OAuthError' /connect/authorize: get: operationId: authorize summary: Avalara Authorization Endpoint description: >- Initiates the OAuth 2.0 authorization code flow by redirecting the user to the Avalara login page. tags: - Authentication parameters: - name: response_type in: query required: true schema: type: string enum: - code - name: client_id in: query required: true schema: type: string - name: redirect_uri in: query required: true schema: type: string - name: scope in: query schema: type: string - name: state in: query schema: type: string responses: '302': description: Redirect to login page /connect/revocation: post: operationId: revokeToken summary: Avalara Revoke a Token description: Revokes an active access or refresh token. tags: - Authentication requestBody: required: true content: application/x-www-form-urlencoded: schema: type: object required: - token properties: token: type: string token_type_hint: type: string enum: - access_token - refresh_token client_id: type: string client_secret: type: string responses: '200': description: Token revoked components: schemas: TokenResponse: type: object properties: access_token: type: string description: The OAuth 2.0 access token token_type: type: string enum: - Bearer expires_in: type: integer description: Token expiry time in seconds scope: type: string description: Granted scopes refresh_token: type: string description: Refresh token (if applicable) OAuthError: type: object properties: error: type: string enum: - invalid_request - invalid_client - invalid_grant - unauthorized_client - unsupported_grant_type - invalid_scope error_description: type: string