How to get API access

Worklio Embedded Payroll API employs OpenID authentication. As a result, you need to register a Developer account with us first. Anyone can register this account with us, but you must provide basic information about yourself and agree to the confidentiality agreements.

The user-generated through this registration is on the System level, allowing you to create and fully access the new companies formed. You can access multiple companies with the newly created account as a system-level user.


Newly created admin user

Please be aware that your newly created admin user is empty, and you must onboard the company and employees first. You can do the onboarding by calling our API or on our open-source components dummy site located here. Please use your credentials to log in.

Duly note that this dummy site is just a playground API and that you can continue the process in your domain.

Sandbox developer account registration is available on registration page.

oAuth flows for API access


Refer to API Access Modes for more about WEP oAuth flows.

Worklio Embedded Payroll supports two oAuth 2.0 flows by default:

  • Resource Owner for API-To-API scenario
  • Implicit for User-To-API scenario

Resource Owner flow

Using this oAuth flow, you request your unique identifier from our API using an API-API integration. For Resource Owner flow, you need to use the following settings:

            {"grant_type", "password"},
            {"username", username},
            {"password", password},
            {"scope", "api"},
            {"client_id", "wep_resourceowner.public.api"},
            {"client_secret", "EFFFC78854F64A17B6ADA7EA385D3C83"}
            Access Token URL: **<>**

Successful integration between both server sides returns an access token that you can use to access our API endpoints.

Implicit flow

This flow redirects you to our API for authentication with your login credentials before returning you to your Single Sign-On (SSO) server with an access token. This flow supports a User-API integration as users already have a frontend for these interactions.

To obtain access tokens by Implicit flow, ensure to use the following settings:

Grant Type: Implicit
Access Token URL:
Client ID: wep.public.api
Redirect/Callback URL: Sandbox supports Postman URL and a couple of localhost versions suitable for testing purposes.

Scope : api

Authenticating and Consuming API with WEP components

WEP library provides some handy utility functions that make it easy to consume the API, so you don't spend too much time on the setup yourself. You can easily configure the flow settings using the createWEP function.

Here's an example of how a function can be used with implicit flow.

const wep = createWEP({
  flow: "implicit",
  oidc: {
    authority: <URL_TO_AUTHORITY_SERVER>,
    redirect_path: "/auth/signinwin/main",
    post_logout_redirect_path: "/auth/signoutwin/main",
    silent_redirect_uri_path: "/auth/signinsilent/main",

Under the hood createWEP function automatically sets up the OIDC client, which exposes the login and logout utility functions. Calling the login function will send the user to the login page, where they can enter their email and password to log in. You can also check if the user is logged in or not by using the logged property from the OIDC client.

To make it easy to make API requests, you can use the "api" client from the utils. It provides get, post, delete, and patch methods. When using the implicit flow, you don't have to worry about providing the authentication token to the API client. The createWEP function will configure the API client with the necessary headers when you make a request.


API Swagger file

Swagger file can be downloaded from here.