In addition to HTTP Basic Authentication, the YourPayroll API also supports OAuth2 authentication.
If you'd like to register an OAuth2 application, please send an email to [support@yourpayroll.com.au](mailto:support@yourpayroll.com.au) with the following details:
Authorization URL: https://{yourwhitelabel}.yourpayroll.com.au/oauth/authorise
Access Token URL: https://{yourwhitelabel}.yourpayroll.com.au/oauth/token
To initiate the client authorisation process, your client should be redirected to https://{yourwhitelabel}.yourpayroll.com.au/oauth/authorise?client_id={your_client_id}&redirect_uri={your_redirect_uri}&response_type=code&state={your_state}
The following query string parameters are required (as shown in the URL above):
client_id: your registered client id
redirect_uri: the redirect URI registered for your application
response_type: must be code
state: an opaque value that is returned to you unchanged on the callback
Once the user allows access to your application, they will be redirected to the redirect_uri specified above. The following parameter will be supplied in the query string:
code: the authorisation code to exchange for tokens
Exchanging the code for an access token and refresh token
Using the code received from the OAuth callback above, your application should then make a POST request to https://{yourwhitelabel}.yourpayroll.com.au/oauth/token to obtain your access tokens.
The following parameters are required:
grant_type: authorization_code, as defined in the OAuth 2.0 specification
code: the code received from the callback above
A successful response contains the following fields in a JSON result similar to the following:
{
"access_token":"7Rqk!IAAAAJMsgSSNnKJx1tIoboFApUYQudG7nYiYr7OuGdTmSBOU4QAAAA",
"token_type":"bearer",
"expires_in":86400,
"refresh_token":"MpE-!IAAAAHyBWSC908zHY-39rhq76dojb4QEXeryTDAdjbQ0d3AFbBYmLWXXrdgPW",
"scope":""
}
The token_type is bearer.
NOTE: The access tokens are currently set to expire every 24 hours, so it's important to implement the access token refresh code as well.
To refresh an access token, make a POST request to https://{yourwhitelabel}.yourpayroll.com.au/oauth/token and pass the following information:
refresh_token: the refresh token received when exchanging the code for an access token and refresh token above
grant_type: refresh_token, as defined in the OAuth 2.0 specification
A successful response contains the following fields in a JSON result similar to the following:
{
"access_token":"1/fFBGRNJru1FQd44AzqT3Zg",
"expires_in":86400,
"token_type":"bearer"
}
The token_type is bearer.
Now that you have the client's access token, all API requests should supply that token in the Authorization HTTP header. For example:
GET /api/v2/user HTTP/1.1
Host: {yourwhitelabel}.yourpayroll.com.au
Authorization: Bearer 1/fFBGRNJru1FQd44AzqT3Zg
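As an added end-to-end example of the flow described above (this is not code from YourPayroll: the client id, client secret, redirect URI and token values are constructed placeholders, and the client_id, client_secret and redirect_uri fields sent to the token endpoint are the standard RFC 6749 token-request fields rather than ones this page lists), a small Python client that builds the authorisation URL with a random state, verifies that state on the callback before accepting the code, exchanges the code, refreshes the access token before the 24-hour expiry, and attaches the Bearer header to requests. The token endpoint is replaced by an in-memory stand-in so the example runs offline; for real use, the transport would be an HTTPS POST such as requests.post(url, data=fields).json().

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical white-label host; the real value comes from your registration.
BASE = "https://{yourwhitelabel}.yourpayroll.com.au"
AUTHORIZE_URL = BASE + "/oauth/authorise"
TOKEN_URL = BASE + "/oauth/token"


class OAuthClient:
    """Authorization-code client: authorise, exchange, refresh, bearer header.

    `transport(url, fields)` POSTs form fields and returns the decoded JSON
    body (in production: requests.post(url, data=fields).json()); `clock`
    is injectable so expiry handling can be exercised without waiting a day.
    """

    REFRESH_MARGIN = 60  # seconds before expiry at which we refresh proactively

    def __init__(self, client_id, client_secret, redirect_uri, transport, clock=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.redirect_uri, self.transport, self.clock = redirect_uri, transport, clock
        self.state = self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def authorization_url(self):
        # Unguessable per-login state: a forged callback cannot bind someone
        # else's code to this session unless it carries this exact value.
        self.state = secrets.token_urlsafe(32)
        return AUTHORIZE_URL + "?" + urlencode({
            "client_id": self.client_id, "redirect_uri": self.redirect_uri,
            "response_type": "code", "state": self.state})

    def code_from_callback(self, callback_url):
        q = parse_qs(urlparse(callback_url).query)
        returned = q.get("state", [""])[0]
        if not self.state or not hmac.compare_digest(returned.encode(), self.state.encode()):
            raise ValueError("state mismatch: callback is not from our authorisation request")
        self.state = None  # single use
        if "code" not in q:
            raise ValueError("callback carries no authorisation code")
        return q["code"][0]

    def _store(self, body):
        if body.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        self.access_token = body["access_token"]
        # The refresh response on the page has no refresh_token field; keep the old one.
        self.refresh_token = body.get("refresh_token", self.refresh_token)
        self.expires_at = self.clock() + int(body["expires_in"])

    def exchange_code(self, code):
        # client_id/client_secret/redirect_uri are the standard RFC 6749 token-request
        # fields (an assumption here; the page itself names only grant_type and code).
        self._store(self.transport(TOKEN_URL, {
            "grant_type": "authorization_code", "code": code,
            "redirect_uri": self.redirect_uri,
            "client_id": self.client_id, "client_secret": self.client_secret}))

    def refresh(self):
        if not self.refresh_token:
            raise RuntimeError("no refresh token; restart the authorisation flow")
        self._store(self.transport(TOKEN_URL, {
            "grant_type": "refresh_token", "refresh_token": self.refresh_token,
            "client_id": self.client_id, "client_secret": self.client_secret}))

    def auth_header(self):
        # Tokens expire every 24 hours (see NOTE above), so refresh before sending.
        if self.access_token is None or self.clock() >= self.expires_at - self.REFRESH_MARGIN:
            self.refresh()
        return {"Authorization": "Bearer " + self.access_token}


def fake_token_endpoint(url, fields):
    """Constructed stand-in for /oauth/token so the example runs offline."""
    if url != TOKEN_URL:
        raise ValueError("wrong endpoint")
    if fields["grant_type"] == "authorization_code" and fields["code"] == "good-code":
        return {"access_token": "AT-1", "token_type": "bearer",
                "expires_in": 86400, "refresh_token": "RT-1", "scope": ""}
    if fields["grant_type"] == "refresh_token" and fields["refresh_token"] == "RT-1":
        return {"access_token": "AT-2", "token_type": "bearer", "expires_in": 86400}
    raise ValueError("invalid_grant")


def demo():
    """Run the whole flow against the stand-in; returns the two bearer headers seen."""
    now = [1_000_000.0]  # fake clock, advanced by hand below
    client = OAuthClient("my-client-id", "my-client-secret", "https://app.example/callback",
                         fake_token_endpoint, clock=lambda: now[0])
    state = parse_qs(urlparse(client.authorization_url()).query)["state"][0]
    # Constructed callback as the provider would issue it after the user allows access.
    code = client.code_from_callback(f"https://app.example/callback?code=good-code&state={state}")
    client.exchange_code(code)
    first = client.auth_header()["Authorization"]   # "Bearer AT-1"
    now[0] += 86400                                 # a day later: expired, so refresh
    second = client.auth_header()["Authorization"]  # "Bearer AT-2"
    return first, second


if __name__ == "__main__":
    print(demo())
```

The state check is the part most often skipped: without it, any callback carrying a valid-looking code would be accepted, so the comparison is constant-time and the stored state is discarded after one use. The refresh margin means a request made just before the 24-hour mark never goes out with a token that expires in transit.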