W-9/W-8 Collection Options
TaxBandits provides multiple methods to collect W-9 and W-8 forms, allowing you to choose the approach that best fits your workflow, integration pattern, and recipient experience. Whether you are onboarding users within your platform, reaching recipients externally, or enabling self-service collection, each method is designed to support different use cases and levels of control.
RequestByEmail
RequestByEmail sends an email directly to the recipient containing a secure, unique link to complete their W-9 or
W-8 form. This is the most common method for reaching vendors outside your portal.
Key behaviours
- Each request generates a unique link per recipient and dispatches an email immediately
- The sender name, from-address, and logo are all customizable. See Email Customization for details.
- TIN matching is triggered automatically on submission when
IsTINMatchingis TRUE. - Submission status is delivered via webhook (if configured), the
Statusendpoint or web Messaging (postMessage).
When to use
- You do not have a unique portal for the recipients.
- You want to manage outreach through email without building your own notification system.
RequestByText
RequestByText sends a secure link to the recipient via text message. The recipient taps the link on their mobile device and completes the form in a mobile-optimized view.
Key behaviours
- Requires the recipient's mobile number in the request.
- Each request generates a unique link per recipient and sends a text message.
- TIN matching is triggered automatically on submission when
IsTINMatchingis TRUE. - Submission status is delivered via webhook (if configured) or the
Statusendpoint.
When to use
- Your recipient base is primarily mobile and less likely to engage with email.
- You want a faster, lower-friction outreach channel for time-sensitive onboarding.
RequestByUrl
RequestByUrl generates a unique, secure URL for each individual recipient. This URL can be embedded as an iframe directly inside your vendor portal or onboarding flow, allowing recipients to complete and submit their W-9 or W-8 without leaving your application/portal.
Key behaviours
- Each API call generates one unique URL tied to one recipient.
- The URL can be embedded as an iframe or opened as a redirect.
- TIN matching can be triggered automatically on submission by setting
IsTINMatchingto TRUE. - Real-time submission notifications are available via webhook (if configured), the Status endpoint, or web Messaging (postMessage).
When to use
- You have a vendor portal or onboarding flow where recipients log in with individual accounts.
RequestByBusinessUrl
RequestByBusinessUrl generates a single common URL for an entire business or DBA. Unlike the methods above, this URL is not tied to a specific individual — it can be embedded on your website, added to an onboarding email template, or shared with any number of recipients who need to complete a form for that payer.
Key behaviours
- A single, public URL serves all recipients for a given payer.
- TIN matching can be triggered automatically on submission by setting
IsTINMatchingto TRUE. - Real-time submission notifications are available via webhook (if configured) or the
Statusendpoint.
When to use
- You want to publish a self-serve W-9 link on a registration page, vendor portal homepage, or email template.
- You cannot predict who will need to fill out a form ahead of time.
- You need a low-maintenance, always-on collection URL.
To track which vendor submitted which form, append a PayeeRef query parameter to the URL (e.g., ?payeeref=vendor001). The webhook response will return this same PayeeRef, allowing you to map the submission back to the vendor. Learn more
Drop-In UI
Drop-In UI is a pre-built, fully customizable W-9/W-8 form interface that you embed directly inside your application. Unlike the URL-based methods, Drop-In UI gives you complete visual control through JavaScript and CSS, allowing the form to match your application's design system exactly.
Key behaviours
- Requires constructing a JWS token and exchanging it for a short-lived transient token (15-minute expiry) before loading the UI.
- Supports customization of all visual elements: colors, fonts, button styles, labels, and more.
- TIN matching can be configured to run automatically on form submission.
- Frame ancestor (CSP) restrictions apply — allowed domains must be declared when generating the transient token.
For the full setup walkthrough, including token construction, domain allowlisting, and the customization schema, see Drop-In UI Guidance.
When to use
- You need the form to feel completely native — same fonts, colors, and layout as the rest of your product.
- You want to avoid redirects or iframes with third-party origins.
RequestByUrl and Drop-In UI both embed the form inside your application. The key difference is control:
RequestByUrl is an iframe with a hosted form page, while Drop-In UI gives you full CSS-level customization over every visual element.
Method comparison
| Method | Initiated By | URL Type | Best Suited For |
|---|---|---|---|
| RequestByEmail | Payer | Unique per recipient | Email-driven outreach |
| RequestByText | Payer | Unique per recipient | Mobile-first vendors |
| RequestByUrl | Payer(iframe) | Unique per recipient | Vendor portal onboarding |
| RequestByBusinessUrl | Payee (self-serve) | Public URL unique per payer | Public registration pages |
| Drop-In UI | Payee (embedded) | N/A (embedded) | Fully branded portals |