AvaTax API 19.5 Patch Notes
- May 20, 2019 | Qijing Yu
This article is about the May 2019 monthly update to the AvaTax API.
Sandbox testing window
The AvaTax release schedule includes a preview period during which time the latest software is available for integration testing in the AvaTax Sandbox Environment two weeks before launching to production. If your engineering team would like a sandbox account for integration testing purposes:
- Development and Solutions Partners (DSP), please contact your Business Development Manager.
- Avalara customers, please contact your Customer Account Manager or open a support ticket.
Access-Control-Allow-Origin header in API response
The Access-Control-Allow-Origin header is a security feature supported by most browsers used to prevent content from unknown domains to be presented to end users. By reflecting allowable origins in our API response, a browser will be able to utilize this information and compare it to the serving domain then decide whether it’s safe to display content.
As the first step of a multi-step process, in the 19.5 release we’ll start returning this header without validating requesting origin. At the backend, we’ll log the requesting origins on a list for review. Once we’ve gained enough information from the collected origin list, we’ll enter a more restrictive mode that only reflects the origins allowable in our white list. If you have a use case to serve Avalara API response directly into your client’s browser, please contact us so we can confirm your domain is added to our white list.
Extra column in TaxContent API response
As part of our efforts to evolve TaxContent API with Mutli-Tax support, we’re adding a few more columns to TaxContent API response in the next couple of releases. TaxSubType is the first column we’re adding to TaxContent API response. If you supplied ItemCode in your request, and you work with JSON format, you’ll see this new column being returned.
Other fixes and improvements
- Fixed issue with TaxRateByPostalCode file building
- Updated use role permission documentation for BulkLockTransaction API
- Enabled “Custom” welcome email option in RequestNewAccount API
- Added pagination for ListReports API
- Resolved InternalServerError for CreateContacts and UpdateContact APIs
- Allowed Voided transactions to be adjusted to Committed or Uncommitted status
- Resolved 500 error when creating country nexus with bad jurisdictionTypeId
- Improved error message when updating DataSource without Instance field
- Increased website length in NewAccountModel