How to get API access
Worklio Embedded Payroll API employs OpenID authentication. As a result, you need to register a Developer account with us first. Anyone can register this account with us, but you must provide basic information about yourself and agree to the confidentiality agreements.
The user generated through this registration is a System-level user, which allows you to create new companies and fully access them. As a system-level user, you can access multiple companies with the newly created account.
Newly created admin user
Please be aware that your newly created admin user is empty, and you must onboard the company and employees first. You can do the onboarding by calling our API or on our open-source components dummy site located here. Please use your credentials to log in.
Note that this dummy site is just a playground API and that you can continue the process in your own domain.
Sandbox developer account registration is available on the registration page.
OAuth flows for API access
Refer to API Access Modes for more about WEP OAuth flows.
Worklio Embedded Payroll supports two OAuth 2.0 flows by default:
- Resource Owner for API-To-API scenario
- Implicit for User-To-API scenario
Resource Owner flow
Using this OAuth flow, you request your unique identifier from our API using an API-API integration. For Resource Owner flow, you need to use the following settings:
Access Token URL: https://api.worklio.com/connect/token
{
    {"grant_type", "password"},
    {"username", username},
    {"password", password},
    {"scope", "api"},
    {"client_id", "wep_resourceowner.public.api"},
    {"client_secret", "EFFFC78854F64A17B6ADA7EA385D3C83"}
};
A successful server-to-server request returns an access token that you can use to access our API endpoints.
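The Resource Owner request described above, written out as a Node.js helper. This is an added example, not Worklio's own code: the environment variable names are hypothetical, and the response fields (`access_token`, `token_type`, `expires_in`) are assumed to follow the standard OAuth 2.0 token response.

```javascript
const TOKEN_URL = "https://api.worklio.com/connect/token";

// Build the form-encoded token request. Credentials are supplied by the caller
// (assumed to come from a secret store or the environment, not source control).
function buildTokenRequest({ username, password, clientSecret }) {
  for (const [name, value] of Object.entries({ username, password, clientSecret })) {
    if (typeof value !== "string" || value.length === 0) {
      throw new Error(`missing ${name}`);
    }
  }
  // URLSearchParams percent-encodes '&', '+' and '=' inside passwords correctly.
  const body = new URLSearchParams({
    grant_type: "password",
    username,
    password,
    scope: "api",
    client_id: "wep_resourceowner.public.api",
    client_secret: clientSecret,
  });
  const headers = { "Content-Type": "application/x-www-form-urlencoded" };
  return { method: "POST", headers, body: body.toString() };
}

// Validate the JSON reply (field names assumed, see lead-in) and compute an
// absolute expiry so callers request a new token before the old one lapses.
function parseTokenResponse(status, json, nowMs = Date.now()) {
  if (status !== 200 || json.error) {
    throw new Error(`token request failed: ${json.error || status}`);
  }
  if (typeof json.access_token !== "string" || !/^bearer$/i.test(json.token_type || "")) {
    throw new Error("unexpected token response shape");
  }
  const lifetime = Number.isFinite(json.expires_in) ? json.expires_in : 0;
  return {
    authorization: `Bearer ${json.access_token}`,
    expiresAt: nowMs + Math.max(0, lifetime - 30) * 1000, // 30 s safety margin
  };
}

// Network call. WEP_USERNAME, WEP_PASSWORD and WEP_CLIENT_SECRET are hypothetical names.
async function fetchToken(env = process.env) {
  const { WEP_USERNAME: username, WEP_PASSWORD: password, WEP_CLIENT_SECRET: clientSecret } = env;
  const res = await fetch(TOKEN_URL, buildTokenRequest({ username, password, clientSecret }));
  return parseTokenResponse(res.status, await res.json());
}
```

Send the returned `authorization` value as the `Authorization` header on API calls, and keep the token and the credentials out of logs.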
Implicit flow
This flow redirects you to our API for authentication with your login credentials before returning you to your Single Sign-On (SSO) server with an access token. This flow supports a User-API integration as users already have a frontend for these interactions.
To obtain access tokens with the Implicit flow, use the following settings:
Grant Type: Implicit
Access Token URL: https://api.worklio.com/connect/authorize
Client ID: wep.public.api
Redirect/Callback URL: Sandbox supports Postman URL and a couple of localhost versions suitable for testing purposes.
- https://oauth.pstmn.io/v1/browser-callback
- http://localhost:8080/auth/signinpop/main
- http://localhost:8080/auth/signinwin/main
- https://localhost:8080/auth/signinpop/main
- https://localhost:8080/auth/signinwin/main
- http://localhost:5001/auth
- https://localhost:5001/auth
Scope: api
Authenticating and Consuming API with WEP components
The WEP library provides the WepAuthFlow class, offering a streamlined way to manage authentication flows using OpenID Connect (OIDC). It handles login and logout processes and securely manages tokens. This class is designed to simplify the integration of authentication into your application.
Key Features:
- Resolves signin and signout callbacks.
- Provides methods to fetch tokens and check login status.
- Supports login and logout using redirect or popup mechanisms.
Example:
import { WepAuthFlow, WepOpenIDConnect } from '@worklio/wep';

const wepAuth = new WepAuthFlow({
  oidc: new WepOpenIDConnect({
    authority: "<URL_TO_AUTHORITY_SERVER>",
    client_id: "wep.public.api",
    response_type: "id_token token",
    scope: "openid api",
    method: "redirect",
    redirect_path: "/auth/signinwin/main",
    post_logout_redirect_path: "/auth/signoutwin/main",
    silent_redirect_uri_path: "/auth/signinsilent/main",
  }),
});
Alternatively, you can use oidc-client-ts directly for full control over the authentication process.
API Swagger file
The Swagger file can be downloaded from here.