API Authentication

API Environments

There are two API environments available to you:

SandboxUsed to build out and test your integration.
ProductionYour live environment that will initiate real interactions with government entities. Usage is billed in the environment.

Retrieve your API keys

Log in or create an account with the Abound Dashboard to find and retrieve your API keys.

API keys are environment specific and can be found on the Keys page.

Authenticating API requests

Authentication requires passing your bearer token for the desired environment (sandbox or production) in the Authorization header of your API request.

The bearer token is in the period-delimited format of: appId.appSecret

The following is an example request that lists all Tin Verifications with the required Authorization header.

curl \
  --request GET \
  --url https://sandbox-api.withabound.com/<<apiVersion_v4>>/tin-verifications \
  --header 'Accept: application/json'
  --header 'Authorization: Bearer <<apiKey_v4>>'
await fetch("https://sandbox-api.withabound.com/<<apiVersion_v4>>/tin-verifications",{
  method: "GET",
  headers: {
    "Accept": "application/json",
    "Authorization": "Bearer <<apiKey_v4>>"

import requests

url = "https://sandbox-api.withabound.com/<<apiVersion_v4>>/tin-verifications"

headers = {
    "Accept": "application/json",
    "Authorization": "Bearer <<apiKey_v4>>"

response = requests.request("GET", url, headers=headers)
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://sandbox-api.withabound.com/<<apiVersion_v4>>/tin-verifications")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Get.new(url)
request["Accept"] = 'application/json'
request["Authorization"] = 'Bearer <<apiKey_v4>>'

response = http.request(request)
puts response.read_body
package main

import (

func main() {

	url := "https://sandbox-api.withabound.com/<<apiVersion_v4>>/tin-verifications"

	req, _ := http.NewRequest("GET", url, nil)

	req.Header.Add("Accept", "application/json")
	req.Header.Add("Authorization", "Bearer <<apiKey_v4>>")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)


// using RestSharp;

var client = new RestClient("https://sandbox-api.withabound.com/<<apiVersion_v4>>/tin-verifications");
var request = new RestRequest(Method.GET);
request.AddHeader("Accept", "application/json");
request.AddHeader("Authorization", "Bearer <<apiKey_v4>>");

IRestResponse response = client.Execute(request);
appIdA non-sensitive, public identifier that is used to identify your app.
appSecretA sensitive, private key used to make secure calls to the Abound from your backend. Your appSecret should never be shared on the client-side or stored directly in your code.
https://sandbox-api.withabound.com/v4Sandbox API environment; use test credentials and build out and test your integration.
https://production-api.withabound.com/v4Production API environment; this environment is billed and will initiate real interactions with government entities.