API Access Modes

Worklio Embedded Payroll supports two API access models. Both use OAuth 2.0 authentication, but with different flows.

Implicit mode (recommended)

Pros:

  • You don’t need to implement proxy APIs
  • You don’t need to manage user access at the payroll/client/employee level
  • Our API can be used directly from a front-end application
  • Much faster delivery

Cons:

  • An SSO authentication scheme needs to be set up

Direct mode

Pros:

  • One system user does all operations regardless of the source of the request
  • SSO authentication setup is not required
  • Employees can be created without access to the API

Cons:

  • Implementation of a proxy API in your product is required
  • Access rights need to be implemented on your end
  • Implementation takes much longer

API access configuration

API access configuration settings, grant types, URLs, etc. are listed on the How to get API access page.

Implicit mode usage

The greatest advantage of Implicit mode is speed to market. You don’t need to care about access rights as much as with Direct mode (you just need to set the employee access type properly), and you don’t need to implement or otherwise solve an API proxy.

CORS is set to allow all origins, and you can use your System user or newly created Admin/Employee users directly. On the live instance, SSO and origins/redirects will be set properly per your URLs.

Authentication uses a standard Bearer JWT token.

Direct mode usage

In Direct mode, we expect you to use only the System user, but you can also use Admin/Employee accounts. The resource owner flow is used in this case, so we expect this mode to be used internally, behind proxied APIs.

CORS is set to allow all origins, and you can use your System user or newly created Admin/Employee users directly. On the live instance, SSO and origins/redirects will be set properly per your URLs.

Authentication uses a standard Bearer JWT token.
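
Because one System user performs every operation in Direct mode, the proxy is the only place where per-user access rights can be enforced. The sketch below is an added example, not Worklio's code: it shows a deny-by-default check that runs before the System user's Bearer token is attached. The path layout, role names and token value are hypothetical placeholders.

```python
# Added example: proxy-side access check for Direct mode.
# The path layout, roles and token value are hypothetical placeholders,
# not Worklio's actual API.
from dataclasses import dataclass
from typing import Optional

SYSTEM_TOKEN = "SYSTEM_USER_JWT_PLACEHOLDER"  # stays on the server, never sent to browsers


@dataclass(frozen=True)
class Caller:
    """A user authenticated by YOUR product, not by the payroll API."""
    role: str                      # "admin" or "employee"
    company_id: str
    employee_id: Optional[str] = None


def authorize(caller: Caller, method: str, path: str) -> bool:
    """Decide whether the proxy may forward this request as the System user."""
    if not path.startswith("/"):
        return False
    segs = path.split("/")[1:]
    # Refuse empty, dot and percent-encoded segments so the path that was
    # checked is the path the upstream API will resolve.
    if any(s in ("", ".", "..") or "%" in s for s in segs):
        return False
    # Tenant check: every request must stay inside the caller's company.
    if len(segs) < 3 or segs[0] != "companies" or segs[1] != caller.company_id:
        return False
    if caller.role == "admin":
        return True
    if caller.role == "employee":
        # Employees get read-only access to their own record and sub-resources.
        return (method == "GET" and len(segs) >= 4 and segs[2] == "employees"
                and caller.employee_id is not None and segs[3] == caller.employee_id)
    return False  # unknown roles are denied by default


def build_upstream_request(caller: Caller, method: str, path: str) -> dict:
    """Attach the System user's Bearer token only after the check passes."""
    if not authorize(caller, method, path):
        raise PermissionError(f"{caller.role} may not {method} {path}")
    return {"method": method, "path": path,
            "headers": {"Authorization": f"Bearer {SYSTEM_TOKEN}"}}
```
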