DOCS/FLUX/Wht Filing

Batch Filing

Authentication Required

This endpoint requires a valid API key. Include your API key in the x-api-key header of every request. You can generate a test key in your developer dashboard.

The Batch WHT Filing API allows you to submit multiple Withholding Tax (WHT) transactions in a single request. This is ideal for platforms processing large volumes of vendor payments, bulk contract settlements, or periodic tax remittance, ensuring efficient aggregation and reducing API roundtrips.

Integration Flow

1Prepare Data: Format all WHT beneficiary transactions into a single payload array according to the schema.
2Encrypt Credentials: Encrypt your filing credentials in-flight to generate the encryptedPayload.
3Submit & Monitor: Send the POST request. Await the async webhook notification for the final filing status and schedule records.

HTTP Request

POSThttps://api.taxstreem.com/v1/flux/wht-filing/batch

Request Body

The following parameters are required for this action.

Parameter	Type	Required	Description
batchId	string	Required	A universally unique identifier (UUID) assigned by you. Used for idempotency to ensure this exact batch is not processed twice if the connection drops. Max 64 characters.
payload	array[object]	Required	An array of transaction objects containing the target data. Cannot be empty. Maximum 500 items per batch. Schema mirrors the single payload attributes.

Encrypted Payload (In-Flight Encryption)

FLUX requires sensitive credentials to be encrypted at the application layer before transmission. This provides defense-in-depth on top of HTTPS.

The encryptedPayload field must contain a Base64-encoded AES-256-GCM encrypted JSON object.

Encryption Specification

Property	Value
Algorithm	AES-256-GCM
Key Derivation	SHA-256(sharedSecret)
IV (Nonce)	12 bytes (96-bit) random
Auth Tag	16 bytes (128-bit)
Encoding	Base64

Payload Format

The final transmitted value must be:

Base64( IV[12] || Ciphertext || AuthTag[16] )

IV is randomly generated per request
Ciphertext is encrypted JSON
AuthTag is automatically appended by GCM

Response Documentation

A successful invocation of this endpoint returns a 202 Accepted or 200 OK. Since filing operations are processed asynchronously alongside tax gateways, the immediate response acknowledges successful receipt and enqueueing of the schedule payload.

Field Name	Type	Description
status	string	The high-level outcome of the request context. Value is typically `accepted` indicating payload validation passed.
message	string	A human-readable confirmation note (e.g. "schedule accepted successfully").
data.id	string	The tracking UUID for this schedule. This precise ID correlates to the `filingId` in downstream webhook events.
data.created_at	string (date-time)	Timestamp marking the instant the schedule safely enqueued, in ISO 8601 format.

Error Handling

The API applies standard HTTP status codes indicating success or failure. In case of an anomaly, the response body contains an errors array detailing specific field-level validation issues to facilitate rapid integration debugging.

HTTP Status	Error Key	Cause & Resolution
400	Bad Request	Cause: Missing required fields, invalid attributes (e.g. malformed TIN), or structural JSON anomalies. Resolution: Traverse the `errors` array in the response to target the invalid field constraints, format properly, and re-submit.
401	Unauthorized	Cause: The API key credential is missing, malformed, or revoked. Resolution: Ensure your `x-api-key` is populated in the request header and that you are matching the correct environment bounds (live vs test).
403	Forbidden	Cause: Properly authenticated, but the key context is lacking specific scope permissions or the merchant account represents restricted access. Resolution: Review integration scopes within the dashboard to assure capability rights correspond to FLUX operations.
429	Too Many Requests	Cause: Network volume exceeds the rate envelope associated with your tier configuration. Resolution: Gracefully throttle via exponential backoff semantics checking the `Retry-After` header variable, or upgrade capacity constraints.

Example Request

curl -X POST https://api.taxstreem.com/v1/flux/wht-filing/batch \
  -H "x-api-key: txsm_test_SK489c..." \
  -H "Content-Type: application/json" \
  -d {
    "batchId": "batch_123",
    "payload": [
      {
        "encryptedPayload": 'encrypted_string_...',
        "filingId": '123-abuiod-90',
        "month": 1,
        "year": 2024,
        "data": [
           {
               "beneficiaryName": "John Doe",
               "beneficiaryTin": "2345544-0001",
               "transactionDate": "2024-03-20",
               "transactionDesc": "Consultancy Services",
               "transactionAmount": 50000,
               "rate": 5,
               "taxAmount": 2500,
               "scheduleReference": "REF-123456"
           }
        ]
      }
          ]
     }

Example Response

202 Accepted

{
  "status":  "accepted",
  "message":  "schedule accepted successfully",
  "data":  {
    "id":  "xaee2ddf-effvkfes",
    "created_at":  "2026-02-20T10:00:00Z"
  }
}