Developer API — Beta
Embed tax intelligence
in your product.
The TaxOS REST API gives your application access to the same AI-powered tax engine used by licensed professionals. Authenticate with a Bearer key, receive real-time webhooks, stay compliant.
Authentication
All requests to /api/v1/* require an Authorization: Bearer header with your API key. Keys are created and managed from your portal dashboard. Each key carries a monthly request limit (default 1,000). Contact us to increase limits.
curl -X POST https://taxosagent.com/api/v1/analyze \
-H "Authorization: Bearer txo_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"scenario":"S-Corp owner, $180K profit, no salary yet","tax_year":2025}'Endpoints
Example response
{
"success": true,
"data": {
"tax_year": 2025,
"strategies": [
{
"name": "Reasonable Compensation Election",
"potential_savings": "$12,240",
"confidence": 0.97
}
]
}
}Webhooks
Register an HTTPS endpoint in your webhook dashboard to receive real-time event payloads. Every delivery is signed with HMAC-SHA256. Always verify the signature before processing.
Supported events
Signature verification
Each request includes X-TaxOS-Signature: t=<timestamp>,v1=<sig>. Reject deliveries older than 300 seconds to prevent replay attacks.
// Verify signature in Node.js
const crypto = require('crypto');
function verifySignature(secret, rawBody, signatureHeader) {
const [tPart, vPart] = signatureHeader.split(',');
const ts = tPart.replace('t=', '');
const sig = vPart.replace('v1=', '');
const expected = crypto
.createHmac('sha256', secret)
.update(`${ts}.${rawBody}`)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(sig),
Buffer.from(expected)
);
}Rate limits
Support
Questions or need a higher limit? api@taxosagent.com