Skip to main content
Open APIs are simple, easy to understand collection of REST-like APIs designed for “Connect” partners to enhance their understanding about their customers. Open APIs provide a secure, consent-based mechanism to gain insights into users’ demographics, income situations and tax deductions, enabling data-driven and personalized investment & financial planning products.

Try Quicko Connect in Postman

Quicko Connect Workspace

Overview

Open APIs allow “Connect” partners to access a variety of tax-related data through secure, consent-based endpoints.

User Details

Retrieve verified identity of the user, such as name, email, and mobile number.

Tax Payer

Access high-level details about user demographics, including PAN, name, DOB, age as per PAN, category, residential status.

ITR Details

Get metadata about Income Tax Returns, such as filing status, type of ITR filed, due dates, and acknowledgment number.

Tax Computation

Fetch computation of income and tax including income by heads, demat accounts, bank accounts, personal assets and liabilities.

Advisory Orders

Access user’s advisory service orders and their status.

Available Endpoints

Get User Details

Endpoint: GET /entitlements/userRetrieve verified identity information of the user.Returns:
  • Name (first name, last name)
  • Email address
  • Mobile number
  • User ID
  • Account status
  • Creation date
Use Cases:
  • Verify user identity
  • Pre-fill application forms
  • Personalize user experience
Endpoint: GET /income-tax/tax-payerAccess comprehensive demographic and tax-related information.Returns:
  • PAN number
  • Full name as per PAN
  • Date of birth
  • PAN holder type (individual, HUF, etc.)
  • Filing category (general, senior citizen, etc.)
  • Residential status (resident, non-resident, etc.)
  • Contact details (address, email, mobile)
Use Cases:
  • KYC verification
  • Age-based product recommendations
  • Residential status-based tax planning
Endpoint: GET /income-tax/tax-payer/itrGet metadata about the user’s Income Tax Returns.Returns:
  • Assessment year
  • ITR form type (ITR-1, ITR-2, etc.)
  • Tax regime (old/new)
  • Filing status (filed, in_progress, etc.)
  • Filing type (original, revised, belated)
  • Due date and filed date
  • Acknowledgement number
  • E-verification details
Use Cases:
  • Check tax filing compliance
  • Identify tax regime preference
  • Verify ITR filing status
Endpoint: GET /income-tax/tax-payer/itr/computation-of-taxFetch computation of income and tax liability.Returns:
  • Income by heads:
    • Salary income
    • House property income
    • Capital gains (STCG, LTCG)
    • Business & profession income
    • Other sources
  • Chapter VI-A deductions
  • Total taxable income
  • Tax payable/refundable
  • Interest and penalties (234A, 234B, 234C, 234F)
  • TDS and advance tax paid
Use Cases:
  • Tax liability assessment
  • Investment planning recommendations
  • Tax saving opportunities identification
Endpoint: GET /advisory/contacts/{contact_id}/ordersAccess user’s advisory service orders.Returns:
  • Order ID and status
  • Order creation and update timestamps
  • Order pricing details
  • GST amount
  • Order resolution details
Use Cases:
  • Track advisory service usage
  • Service billing and reconciliation

Authorization

Open APIs require an Authorization header with the JWT access token obtained through the OAuth flow.
All Open API requests must include two headers:
HeaderDescriptionRequired
AuthorizationResource Owner’s JWT access token (obtained via OAuth)Yes
x-api-keyYour API User Key (provided during onboarding)Yes

Example Request

cURL
curl https://api.quicko.com/income-tax/tax-payer \
  -H "Authorization: Bearer eyJhbGciOiJIUzUxMi..." \
  -H "x-api-key: key_live_xxxxxxxxxxxxx"
Node.js
const axios = require('axios');

const response = await axios.get('https://api.quicko.com/income-tax/tax-payer', {
  headers: {
    'Authorization': 'Bearer eyJhbGciOiJIUzUxMi...',
    'x-api-key': 'key_live_xxxxxxxxxxxxx'
  }
});

console.log(response.data);
Python
import requests

headers = {
    'Authorization': 'Bearer eyJhbGciOiJIUzUxMi...',
    'x-api-key': 'key_live_xxxxxxxxxxxxx'
}

response = requests.get(
    'https://api.quicko.com/income-tax/tax-payer',
    headers=headers
)

print(response.json())

Try APIs in API Reference

Explore and test all Open APIs with detailed request/response examples, schemas, and live API playground.

Getting Started

1

Get Onboarded

Contact Quicko to get your API credentials (API Key and Secret).
2

Authenticate Your Application

Use the Authenticate API to get your application’s access token.
3

Implement OAuth Flow

Follow the OAuth guide to get user consent and obtain Resource Owner tokens.
4

Call Open APIs

Use the Resource Owner’s access token to call Open APIs and retrieve user data.

Try it with Postman

Download our Postman collection to test the APIs quicklyQuicko Connect Postman Collection

Recommendations

Understand the Endpoints

Familiarize yourself with each API endpoint, its purpose, and how it fits into the services you offer.

Know Request & Response Structures

Each API has specific request parameters and response data formats. Understanding these ensures seamless integration.

Handle Data with Care

Handle and store user information securely and in compliance with data privacy and protection guidelines (GDPR, DPDPA, etc.).

Maintain User Consent

Ensure ongoing consent from users to access their data. Provide clear options to revoke access if desired.

Data Privacy & Security

Important: User data obtained through Open APIs is sensitive personal and financial information. You must:
1

Obtain Explicit Consent

Always obtain explicit user consent before accessing their data through the OAuth flow.
2

Encrypt Data at Rest and in Transit

Use industry-standard encryption (AES-256, TLS 1.2+) for storing and transmitting data.
3

Implement Access Controls

Restrict data access to only authorized personnel and systems. Use role-based access control (RBAC).
4

Comply with Regulations

Ensure compliance with:
  • Digital Personal Data Protection Act (DPDPA), 2023
  • GDPR (for EU users)
  • Other applicable data protection laws
5

Provide User Rights

Allow users to:
  • View what data you’ve accessed
  • Revoke access at any time
  • Request data deletion
6

Regular Security Audits

Conduct regular security assessments and penetration testing of your integration.

Rate Limiting

API rate limits ensure fair usage and system stability. Current limits are subject to your service agreement.
If you exceed rate limits, you’ll receive a 429 Too Many Requests response. Implement exponential backoff and retry logic in your application.

Error Handling

Open APIs return standard HTTP status codes and error responses:
Status CodeMeaning
200Success
400Bad Request - Invalid parameters
401Unauthorized - Invalid or expired token
403Forbidden - Insufficient permissions
404Not Found - Resource doesn’t exist
429Too Many Requests - Rate limit exceeded
500Internal Server Error

Example Error Response

{
  "code": 401,
  "transaction_id": "abc123-def456-ghi789",
  "timestamp": 1699351274048,
  "error": {
    "message": "Invalid or expired access token",
    "type": "authentication_error"
  }
}
Always check the transaction_id in responses. This helps Quicko support team debug issues quickly if you encounter problems.

Next Steps

Authentication Guide

Learn about API authentication

OAuth Flow

Implement OAuth for user consent

API Reference

Explore detailed API documentation