Authentication

The dTax API uses HttpOnly session cookies for authentication. This prevents XSS token theft.

# Create account
curl -X POST https://getdtax.com/api/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email":"[email protected]","password":"yourpassword"}' \
  -c cookies.txt

# Login
curl -X POST https://getdtax.com/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"[email protected]","password":"yourpassword"}' \
  -c cookies.txt

The response sets a session HttpOnly cookie valid for 7 days.

# All subsequent requests use -b cookies.txt
curl https://getdtax.com/api/v1/transactions \
  -b cookies.txt

OAuth

Google and GitHub OAuth are also supported:

GET https://getdtax.com/auth/google
GET https://getdtax.com/auth/github

Both redirect to getdtax.com/auth/callback on success.

Authentication

Sign up / Login

Using the cookie

OAuth