Guide

Authentication

Tax API identifies the merchant and validates request access through the `ApiKey` header. Store the credential securely on the server side and pass it correctly with every request.

Header AuthenticationServer-side Only

Request Header

Header Key	Required	Description
`ApiKey`	Yes	API access credential provided by Onerway to the merchant

Usage Requirements

Store and use ApiKey only on the server side
Do not expose it in frontend pages, mobile apps, or public source repositories
It is recommended to manage the credential through a configuration center, secret manager, or controlled environment variables

Example Request

bash

curl --request POST 'https://api.onerway.com/tax/taxForm/v1/api/link' \
  --header 'Content-Type: application/json' \
  --header 'ApiKey: your-api-key' \
  --data '{
    "merchantRefId": "payee_10001",
    "taxType": "TAX1099NEC"
  }'

Failure Scenarios

Authentication fails in the following cases:

ApiKey is missing
ApiKey is invalid or malformed
ApiKey has expired or is no longer valid
ApiKey is not associated with a valid merchant account

Typical response example:

json

{
  "message": "Invalid API key in request"
}

When authentication fails, the platform returns HTTP status 401.

Security Recommendations

ApiKey is issued by Onerway and should be stored securely
Log request time, request path, and response status to support troubleshooting
When a request fails, investigate it together with request logs, response content, and timestamps

Authentication

Request Header ​

Usage Requirements ​

Example Request ​

Failure Scenarios ​

Security Recommendations ​

Request Header

Usage Requirements

Example Request

Failure Scenarios

Security Recommendations