Mock sample for your project: Paylocity API

Integrate with "Paylocity API" from paylocity.com in no time with Mockoon's ready to use mock sample

Paylocity API

paylocity.com

Version: 2


Use this API in your project

Integrate third-party APIs faster by using "Paylocity API" ready-to-use mock sample. Mocking this API will help you accelerate your development lifecycles and improves your integration tests' quality and reliability by accounting for random failures, slow response time, etc.
It also helps reduce your dependency on third-party APIs: no more accounts to create, API keys to provision, accesses to configure, unplanned downtime, etc.

Description

For general questions and support of the API, contact: [email protected]
Overview
Paylocity Web Services API is an externally facing RESTful Internet protocol. The Paylocity API uses HTTP verbs and a RESTful endpoint structure. OAuth 2.0 is used as the API Authorization framework. Request and response payloads are formatted as JSON.
Paylocity supports v1 and v2 versions of its API endpoints. v1, while supported, won't be enhanced with additional functionality. For direct link to v1 documentation, please click here. For additional resources regarding v1/v2 differences and conversion path, please contact [email protected].
Setup
Paylocity will provide the secure client credentials and set up the scope (type of requests and allowed company numbers). You will receive the unique client id, secret, and Paylocity public key for the data encryption. The secret will expire in 365 days.
Paylocity will send you an e-mail 10 days prior to the expiration date for the current secret. If not renewed, the second e-mail notification will be sent 5 days prior to secret's expiration. Each email will contain the code necessary to renew the client secret.
You can obtain the new secret by calling API endpoint using your current not yet expired credentials and the code that was sent with the notification email. For details on API endpoint, please see Client Credentials section.
Both the current secret value and the new secret value will be recognized during the transition period. After the current secret expires, you must use the new secret.
If you were unable to renew the secret via API endpoint, you can still contact Service and they will email you new secret via secure email.
When validating the request, Paylocity API will honor the defaults and required fields set up for the company default New Hire Template as defined in Web Pay.
Authorization
Paylocity Web Services API uses OAuth2.0 Authentication with JSON Message Format.
All requests of the Paylocity Web Services API require a bearer token which can be obtained by authenticating the client with the Paylocity Web Services API via OAuth 2.0.
The client must request a bearer token from the authorization endpoint:
auth-server for production: https://api.paylocity.com/IdentityServer/connect/token
auth-server for testing: https://apisandbox.paylocity.com/IdentityServer/connect/token
Paylocity reserves the right to impose rate limits on the number of calls made to our APIs. Changes to API features/functionality may be made at anytime with or without prior notice.
Authorization Header
The request is expected to be in the form of a basic authentication request, with the "Authorization" header containing the client-id and client-secret. This means the standard base-64 encoded user:password, prefixed with "Basic" as the value for the Authorization header, where user is the client-id and password is the client-secret.
Content-Type Header
The "Content-Type" header is required to be "application/x-www-form-urlencoded".
Additional Values
The request must post the following form encoded values within the request body:
granttype = clientcredentials
scope = WebLinkAPI
Responses
Success will return HTTP 200 OK with JSON content:
{
"access_token": "xxx",
"expires_in": 3600,
"token_type": "Bearer"
}
Encryption
Paylocity uses a combination of RSA and AES cryptography. As part of the setup, each client is issued a public RSA key.
Paylocity recommends the encryption of the incoming requests as additional protection of the sensitive data. Clients can opt-out of the encryption during the initial setup process. Opt-out will allow Paylocity to process unencrypted requests.
The Paylocity Public Key has the following properties:
2048 bit key size
PKCS1 key format
PEM encoding
Properties
key (base 64 encoded): The AES symmetric key encrypted with the Paylocity Public Key. It is the key used to encrypt the content. Paylocity will decrypt the AES key using RSA decryption and use it to decrypt the content.
iv (base 64 encoded): The AES IV (Initialization Vector) used when encrypting the content.
content (base 64 encoded): The AES encrypted request. The key and iv provided in the secureContent request are used by Paylocity for decryption of the content.
We suggest using the following for the AES:
CBC cipher mode
PKCS7 padding
128 bit block size
256 bit key size
Encryption Flow
Generate the unencrypted JSON payload to POST/PUT
Encrypt this JSON payload using your own key and IV (NOT with the Paylocity public key)
RSA encrypt the key you used in step 2 with the Paylocity Public Key, then, base64 encode the result
Base64 encode the IV used to encrypt the JSON payload in step 2
Put together a "securecontent" JSON object:
{
'secureContent' : {
'key' : -- RSA-encrypted & base64 encoded key from step 3,
'iv' : -- base64 encoded iv from step 4
'content' -- content encrypted with your own key from step 2, base64 encoded
}
}
Sample Example
{
"secureContent": {
"key": "eS3aw6H/qzHMJ00gSi6gQ3xa08DPMazk8BFY96Pd99ODA==",
"iv": "NLyXMGq9svw0XO5aI9BzWw==",
"content": "gAEOiQltO1w+LzGUoIK8FiYbU42hug94EasSl7N+Q1w="
}
}
Sample C# Code
using Newtonsoft.Json;
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
public class SecuredContent
{
[JsonProperty("key")]
public string Key { get; set; }
[JsonProperty("iv")]
public string Iv { get; set; }
[JsonProperty("content")]
public string Content { get; set; }
}
public class EndUserSecureRequestExample
{
public string CreateSecuredRequest(FileInfo paylocityPublicKey, string unsecuredJsonRequest)
{
string publicKeyXml = File.ReadAllText(paylocityPublicKey.FullName, Encoding.UTF8);
SecuredContent secureContent = this.CreateSecuredContent(publicKeyXml, unsecuredJsonRequest);
string secureRequest = JsonConvert.SerializeObject(new { secureContent });
return secureRequest;
}
private SecuredContent CreateSecuredContent(string publicKeyXml, string request)
{
using (AesCryptoServiceProvider aesCsp = new AesCryptoServiceProvider())
{
aesCsp.Mode = CipherMode.CBC;
aesCsp.Padding = PaddingMode.PKCS7;
aesCsp.BlockSize = 128;
aesCsp.KeySize = 256;
using (ICryptoTransform crt = aesCsp.CreateEncryptor(aesCsp.Key, aesCsp.IV))
{
using (MemoryStream outputStream = new MemoryStream())
{
using (CryptoStream encryptStream = new CryptoStream(outputStream, crt, CryptoStreamMode.Write))
{
byte[] encodedRequest = Encoding.UTF8.GetBytes(request);
encryptStream.Write(encodedRequest, 0, encodedRequest.Length);
encryptStream.FlushFinalBlock();
byte[] encryptedRequest = outputStream.ToArray();
using (RSACryptoServiceProvider crp = new RSACryptoServiceProvider())
{
crp.FromXmlstring(publicKeyXml);
byte[] encryptedKey = crp.Encrypt(aesCsp.Key, false);
return new SecuredContent()
{
Key = Convert.ToBase64string(encryptedKey),
Iv = Convert.ToBase64string(aesCsp.IV),
Content = Convert.ToBase64string(encryptedRequest)
};
}
}
}
}
}
}
}
Support
Questions about using the Paylocity API? Please contact [email protected].
Deductions (v1)
Deductions API provides endpoints to retrieve, add, update and delete deductions for a company's employees. For schema details, click here.
OnBoarding (v1)
Onboarding API sends employee data into Paylocity Onboarding to help ensure an easy and accurate hiring process for subsequent completion into Web Pay. For schema details, click here.

Other APIs in the same category

Big Red Cloud API

bigredcloud.com
Welcome to the Big Red Cloud API
This API enables programmatic access to Big Red Cloud data.
We have used Swagger to auto generate the API documentation on this page, and it also enables direct interaction with the API in this page.
To get started, you will require an API Key - check out our guide at https://www.bigredcloud.com/support/generating-api-key-guide/ for information on how to get one.
Use the 'Enter API Key' button below to enter your API key and start interacting with your Big Red Cloud data right on this page.
The API key will be stored in your browsers local storage for convenience, but you will be able to delete it at any time if you wish.
For additional information on the API, check out our support article at https://www.bigredcloud.com/support/api/

Accounting

Introduction
The Xero Accounting API is a RESTful web service and uses the OAuth (v1.0a) protocol to authenticate 3rd party applications. The Accounting API exposes accounting and related functions of the main Xero application and can be used for a variety of purposes such as creating transactions like invoices and credit notes, right through to extracting accounting data via our reports endpoint.

API v1.0.0

envoice.in
Run in Postman
or
View Postman docs
Quickstart
Visit github to view the quickstart tutorial.
Tutorial for running the API in postman
Click on ""Run in Postman"" button
postman - tutorial - 1
---
A new page will open.
Click the ""Postman for windows"" to run postman as a desktop app.
Make sure you have already installed Postman.
postman - tutorial - 2
---
In chrome an alert might show up to set a default app for opening postman links. Click on ""Open Postman"".
postman - tutorial - 3
---
The OpenAPI specification will be imported in Postman as a new collection named ""Envoice api""
postman - tutorial - 4
---
When testing be sure to check and modify the environment variables to suit your api key and secret. The domain is set to envoice's endpoint so you don't really need to change that.
\*Eye button in top right corner
postman - tutorial - 5
postman - tutorial - 6
---
You don't need to change the values of the header parameters, because they will be replaced automatically when you send a request with real values from the environment configured in the previous step.
postman - tutorial - 7
---
Modify the example data to suit your needs and send a request.
postman - tutorial - 8
Webhooks
Webhooks allow you to build or set up Envoice Apps which subscribe to invoice activities.
When one of those events is triggered, we'll send a HTTP POST payload to the webhook's configured URL.
Webhooks can be used to update an external invoice data storage.
In order to use webhooks visit this link and add upto 10 webhook urls that will return status 200 in order to signal that the webhook is working.
All nonworking webhooks will be ignored after a certain period of time and several retry attempts.
If after several attempts the webhook starts to work, we will send you all activities, both past and present, in chronological order.
The payload of the webhook is in format:

Product Finder API

hsbc.com

Account and Transaction API Specification - UK

Functionality at a glance
The NBG "UK OPB - Account and Transaction v3.1.5" API follows the [UK Open Banking Specification
v3.1.5](https://openbankinguk.github.io/read-write-api-site3/v3.1.5/profiles/account-and-transaction-api-profile.html)
This Account and Transaction API Specification describes the flows and payloads for retrieving a list of accounts and their transactions.
The API endpoints described here allow a AISP to:
Create the Consent with the appropriate permissions in order to be able to access the API Endpoints
Retrieve the list of accounts
Retrieve an account's details
Retrieve an account's balances
Retrieve an account's transactions
Retrieve an account's beneficiaries
Retrieve an account's standing orders
Retrieve an account's party
Retrieve an account's scheduled payments
Retrieve an account's statements
Quick Getting Started
Login/Register to the NBG Technology HUB
Go to "APPS"
Select your Organization and go to step 4. If you want to create a new Organization click \"CREATE AN ORGANIZATION\" and follow the steps below:
Enter the title of your Organization
Enter a short description of your Organization (optional)
Click "SUBMIT"
Select the Organization of choice and click "ADD AN APPLICATION"
Fill in the forms (title and short description)
Check \"Authorization Code\" and \"Client Credentials\"
Enter the OAuth Redirect and Post Logout URIs (these are the URIs that we will redirect the user upon logging in and logging out respectively)
You can use the following redirect URL to easily test the API through the portal: https://developer.nbg.gr/oauth2/redoc-callback
Click "SUBMIT"
Store the APPs "Client ID" and "Client Secret"
Go to "API PRODUCTS" and select the ACCOUNT INFORMATION - UK OPEN BANKING API
Click \"START USING THIS API\", choose your app and click
"SUBSCRIBE"
Get an Access Token using the Access Token Flow and the API scopes provided in the Authentication and Authorization (OAuth2) section below
Create a Sandbox
Play with the API
Sandbox Flow
The Sandbox Flow matches the Production Flow. The difference lies into the Data used. Instead of live
data, the Sandbox flow uses mocked data.
Production Flow
The Production Flow is described in the [UK Open Banking v3.1.5
Specification](https://openbankinguk.github.io/read-write-api-site3/v3.1.5/profiles/account-and-transaction-api-profile.html)
More details about the implementation specifics followed, please visit section **UK OPB Implementation
Specifics**
Authentication and Authorization (OAuth2)
This API version uses the OAuth2 protocol for authentication and authorization, which means that a
Bearer (access token) should be acquired. An access token can be retrieved using the client_id and
client_secret of the APP that you created and subscribed in this API, and your own credentials
(username, password) that you use to sign in the NBG Technology HUB. The scopes are defined below:
Authorization Endpoint:
https://my.nbg.gr/identity/connect/authorize
Token Endpoint:
https://my.nbg.gr/identity/connect/token
Authorization Code
Sandbox Scopes:
sandbox-uk-account-info-api-v1 offline_access
Production Scopes:
accounts offline_access
Client Credentials
Sandbox Scopes:
sandbox-uk-account-info-api-v1
Production Scopes:
accounts
See more here
QWAC Certificates
TPPs are required to present a QWAC certificate during API consumption. The API checks that this certificate has been provided and is valid. In sandbox mode the certificate validations are optional. To validate your certificate in sandbox implementation, please send us your QWAC certificate at [email protected] and set the HTTP Header \"x-sandbox-qwac-certificate-check\" with the value \"true\" in your requests.
SMS Challenge (One Time Password)
In order to successfully authorize an Accounts Access you will need to provide the SMS OTP (One Time Password) in the corresponding Accounts Consent UI Screen.
By default the SMS OTP will be sent to the mobile number declared upon singing up in the NBG Technology HUB.
Create your Sandbox
Create a new Sandbox application by invoking the POST /sandbox. This call will generate a new Sandbox
with a unique sandbox-id.
Important! Before proceeding save the sandbox id you just created.
When you create a sandbox, users and sandbox specific data are generated as sample data.
Start Testing
Once you have your sandbox-id, you can start invoking the rest of the operations by providing the
mandatory http header sandbox-id and the http headers described below.
Important notes
Request headers
The following HTTP header parameters are required for every call:
Authorization. The Auth2 Token
sandbox-id. Your Sandbox ID
Consent
In order to be able to effectively start using the Endpoints the appropriate Consent needs to be
created and set to the 'Authorised' status.
In order to create the Consent you need to at least set the required permissions and the Risk
sections.
Optionally you may set the
ExpirationDateTime. When the Consent expires
TransactionFromDateTime. Start Date to retrieve the transactions
TransactionToDateTime. End Date to retrieve the transactions
Not Implemented Endpoints
The following endpoints are not implemented in the API
GET /balances
GET /transactions
GET /beneficiaries
GET /accounts/\{AccountId\}/direct-debits
GET /direct-debits
GET /standing-orders
GET /accounts/\{AccountId\}/product
GET /products
GET /accounts/\{AccountId\}/offers
GET /offers
GET /scheduled-payments
GET /statements
Error Codes
The error codes and their description can be found
here
UK OPB Implementation Specifics
Below you may find more specific information & limitations regarding the implementation followed in the Production API.
Token Endpoint Client Authentication
At this point the supported Client Authentication method is "Client Secret Basic" - usage of "Client ID" & "Client Secret".
Consent Authorization
For a PSU to Authorize a Consent, they need to be redirected to the appropriate Consent UI.
For this redirection to take place the TPP needs to follow the Authorization Endpoint by amending the generated "Consent ID", like this: https://my.nbg.gr/identity/connect/authorize?consentid={{consentid}}&clientid={{clientid}}&scope={{scope}}&redirecturi={{redirecturi}}&response_type=code
Once the PSU is redirected to the Consent Authorization Screen, they need to enter their IBank (Production) or Developer Portal (Sandbox) Credentials and either Authorize or Reject the Consent.
At this point the Consent is binded with the PSU.
Debtor Account
Currently, only the "UK.OBIE.IBAN" scheme is supported.
Feedback and Questions
We would love to hear your feedback and answer your questions. Send us at
[email protected]
Check out our [Sandbox Postman
Collection](https://github.com/NBG-Developer-Portal/Account-Information-UK-Open-Banking)!
Created by NBG.
Entities
Below, the main entities are documented.
OBExternalPermissions1Code
Attributes
| Type| Description| Example| Values|
| -----| -----| -----| -----|
| enum| Specifies the Open Banking account access data types. This is a list of the data clusters being consented by the PSU, and requested for authorisation with the ASPSP.| ReadAccountsBasic ReadAccountsDetail ReadBalances ReadBeneficiariesBasic ReadBeneficiariesDetail ReadDirectDebits ReadOffers ReadPAN ReadParty ReadPartyPSU ReadProducts ReadScheduledPaymentsBasic ReadScheduledPaymentsDetail ReadStandingOrdersBasic ReadStandingOrdersDetail ReadStatementsBasic ReadStatementsDetail ReadTransactionsBasic ReadTransactionsCredits ReadTransactionsDebits ReadTransactionsDetail |
OBReadData1
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Permissions| Specifies the Open Banking account access data types. This is a list of the data clusters being consented by the PSU, and requested for authorisation with the ASPSP.| array[OBExternalPermissions1Code]|
| ExpirationDateTime| Specified date and time the permissions will expire. If this is not populated, the permissions will be open ended. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00| string|
| TransactionFromDateTime| Specified start date and time for the transaction query period. If this is not populated, the start date will be open ended, and data will be returned from the earliest available transaction. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00| string|
| TransactionToDateTime| Specified end date and time for the transaction query period. If this is not populated, the end date will be open ended, and data will be returned to the latest available transaction. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00| string|
OBRisk2
The Risk section is sent by the initiating party to the ASPSP. It is used to specify additional details for risk scoring for Account Info.
Attributes
| Name| Description| Values|
| -----| -----| -----|
OBReadConsent1
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Data | Entity | OBReadData1 Permissions array[[OBExternalPermissions1Code]] ExpirationDateTime [string] TransactionFromDateTime [string] TransactionToDateTime [string] |
| Risk | Entity | OBRisk2 |
ErrorCode
Attributes
| Type| Description| Example| Values|
| -----| -----| -----| -----|
| enum| This is Data Type gives a low level textual error code to help categorise an error response. The applicable HTTP response code is also given.| UK.OBIE.Field.Expected UK.OBIE.Field.Invalid UK.OBIE.Field.InvalidDate UK.OBIE.Field.Missing UK.OBIE.Field.Unexpected UK.OBIE.Header.Invalid UK.OBIE.Header.Missing UK.OBIE.Resource.ConsentMismatch UK.OBIE.Resource.InvalidConsentStatus UK.OBIE.Resource.InvalidFormat UK.OBIE.Resource.NotFound UK.OBIE.Rules.AfterCutOffDateTime UK.OBIE.Rules.DuplicateReference UK.OBIE.Signature.Invalid UK.OBIE.Signature.InvalidClaim UK.OBIE.Signature.MissingClaim UK.OBIE.Signature.Malformed UK.OBIE.Signature.Missing UK.OBIE.Signature.Unexpected UK.OBIE.Unsupported.AccountIdentifier UK.OBIE.Unsupported.AccountSecondaryIdentifier UK.OBIE.Unsupported.Currency UK.OBIE.Unsupported.EventType UK.OBIE.Unsupported.Frequency UK.OBIE.Unsupported.LocalInstrument UK.OBIE.Unsupported.Scheme UK.OBIE.Reauthenticate UK.OBIE.Rules.ResourceAlreadyExists UK.OBIE.UnexpectedError |
OBError1
Attributes
| Name| Description| Values|
| -----| -----| -----|
| ErrorCode | Entity | ErrorCode |
| Message| A description of the error that occurred. e.g., 'A mandatory field isn't supplied' or 'RequestedExecutionDateTime must be in future'OBIE doesn't standardise this field| string|
| Path| Recommended but optional reference to the JSON Path of the field with error, e.g., Data.Initiation.InstructedAmount.Currency| string|
OBErrorResponse1
An array of detail error codes, and messages, and URLs to documentation to help remediation.
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Code| High level textual error code, to help categorize the errors.| string|
| Id| A unique reference for the error instance, for audit purposes, in case of unknown/unclassified errors.| string|
| Message| Brief Error message, e.g., 'There is something wrong with the request parameters provided'| string|
| Errors| Gets or Sets Errors| array[OBError1]|
OBExternalRequestStatus1Code
Attributes
| Type| Description| Example| Values|
| -----| -----| -----| -----|
| enum| Specifies the status of consent resource in code form.| Authorised AwaitingAuthorisation Rejected Revoked |
OBReadDataConsentResponse1
Attributes
| Name| Description| Values|
| -----| -----| -----|
| ConsentId| Unique identification as assigned to identify the account access consent resource.| string|
| CreationDateTime| Date and time at which the resource was created. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00| string|
| Status | Entity | OBExternalRequestStatus1Code |
| StatusUpdateDateTime| Date and time at which the resource status was updated. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00| string|
| Permissions| Specifies the Open Banking account access data types. This is a list of the data clusters being consented by the PSU, and requested for authorisation with the ASPSP.| array[OBExternalPermissions1Code]|
| ExpirationDateTime| Specified date and time the permissions will expire. If this is not populated, the permissions will be open ended. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00| string|
| TransactionFromDateTime| Specified start date and time for the transaction query period. If this is not populated, the start date will be open ended, and data will be returned from the earliest available transaction. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00| string|
| TransactionToDateTime| Specified end date and time for the transaction query period. If this is not populated, the end date will be open ended, and data will be returned to the latest available transaction. All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00| string|
Links
Links relevant to the payload
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Self| -| string|
| First| -| string|
| Prev| -| string|
| Next| -| string|
| Last| -| string|
Meta
Meta Data relevant to the payload
Attributes
| Name| Description| Values|
| -----| -----| -----|
| TotalPages| -| integer|
| FirstAvailableDateTime| All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.An example is below: 2017-04-05T10:43:07+00:00| string|
| LastAvailableDateTime| All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.An example is below: 2017-04-05T10:43:07+00:00| string|
OBReadConsentResponse1
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Data | Entity | OBReadDataConsentResponse1 ConsentId string] CreationDateTime [string] Status [[OBExternalRequestStatus1Code] StatusUpdateDateTime string] Permissions [array[[OBExternalPermissions1Code]] ExpirationDateTime [string] TransactionFromDateTime [string] TransactionToDateTime [string] |
| Risk | Entity | OBRisk2 |
| Links | Entity | Links Self [string] First [string] Prev [string] Next [string] Last [string] |
| Meta | Entity | Meta TotalPages [integer] FirstAvailableDateTime [string] LastAvailableDateTime [string] |
OBExternalAccountType1Code
Attributes
| Type| Description| Example| Values|
| -----| -----| -----| -----|
| enum| -| Business Personal |
OBExternalAccountSubType1Code
Attributes
| Type| Description| Example| Values|
| -----| -----| -----| -----|
| enum| -| ChargeCard CreditCard CurrentAccount EMoney Loan Mortgage PrePaidCard Savings |
OBCashAccount5
Attributes
| Name| Description| Values|
| -----| -----| -----|
| SchemeName| Name of the identification scheme, in a coded form as published in an external list.| string|
| Identification| Identification assigned by an institution to identify an account. This identification is known by the account owner.| string|
| Name| The account name is the name or names of the account owner(s) represented at an account level, as displayed by the ASPSP's online channels. Note, the account name is not the product name or the nickname of the account.| string|
| SecondaryIdentification| This is secondary identification of the account, as assigned by the account servicing institution. This can be used by building societies to additionally identify accounts with a roll number(in addition to a sort code and account number combination).| string|
OBBranchAndFinancialInstitutionIdentification5
Attributes
| Name| Description| Values|
| -----| -----| -----|
| SchemeName| Name of the identification scheme, in a coded form as published in an external list.| string|
| Identification| Unique and unambiguous identification of the servicing institution.| string|
OBAccount6
Unambiguous identification of the account to which credit and debit entries are made.
Attributes
| Name| Description| Values|
| -----| -----| -----|
| AccountId| A unique and immutable identifier used to identify the account resource. This identifier has no meaning to the account owner.| string|
| Currency| Identification of the currency in which the account is held. Usage: Currency should only be used in case one and the same account number covers several currencies and the initiating party needs to identify which currency needs to be used for settlement on the account.| string|
| AccountType | Entity | OBExternalAccountType1Code |
| AccountSubType | Entity | OBExternalAccountSubType1Code |
| Description| Specifies the description of the account type.| string|
| Nickname| The nickname of the account, assigned by the account owner in order to provide an additional means of identification of the account.| string|
| OpeningDate| Date on which the account and related basic services are effectively operational for the account owner.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00| string|
| Account| Provides the details to identify an account.| array[OBCashAccount5]|
| Servicer | Entity | OBBranchAndFinancialInstitutionIdentification5 SchemeName [string] Identification [string] |
OBReadDataAccount5
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Account| Unambiguous identification of the account to which credit and debit entries are made.| array[OBAccount6]|
OBReadAccount5
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Data | Entity | OBReadDataAccount5 Account array[[OBAccount6]] |
| Links | Entity | Links Self [string] First [string] Prev [string] Next [string] Last [string] |
| Meta | Entity | Meta TotalPages [integer] FirstAvailableDateTime [string] LastAvailableDateTime [string] |
OBCreditDebitCode
Attributes
| Type| Description| Example| Values|
| -----| -----| -----| -----|
| enum| -| Credit Debit |
OBBalanceType1Code
Attributes
| Type| Description| Example| Values|
| -----| -----| -----| -----|
| enum| -| ClosingAvailable ClosingBooked ClosingCleared Expected ForwardAvailable Information InterimAvailable InterimBooked InterimCleared OpeningAvailable OpeningBooked OpeningCleared PreviouslyClosedBooked |
OBActiveOrHistoricCurrencyAndAmount
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Amount| A number of monetary units specified in an active currency where the unit of currency is explicit and compliant with ISO 4217.| string|
| Currency| A code allocated to a currency by a Maintenance Agency under an international identification scheme, as described in the latest edition of the international standard ISO 4217 "Codes for the representation of currencies and funds".| string|
OBExternalLimitType1Code
Attributes
| Type| Description| Example| Values|
| -----| -----| -----| -----|
| enum| -| Available Credit Emergency Pre-Agreed Temporary |
OBCreditLine1
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Included| Indicates whether or not the credit line is included in the balance of the account. Usage: If not present, credit line is not included in the balance amount of the account.| boolean|
| Type | Entity | OBExternalLimitType1Code |
| Amount | Entity | OBActiveOrHistoricCurrencyAndAmount Amount [string] Currency [string] |
OBCashBalance1
Set of elements used to define the balance details.
Attributes
| Name| Description| Values|
| -----| -----| -----|
| AccountId| A unique and immutable identifier used to identify the account resource. This identifier has no meaning to the account owner.| string|
| CreditDebitIndicator | Entity | OBCreditDebitCode |
| Type | Entity | OBBalanceType1Code |
| DateTime| Indicates the date (and time) of the balance.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone. An example is below: 2017-04-05T10:43:07+00:00| string|
| Amount | Entity | OBActiveOrHistoricCurrencyAndAmount Amount [string] Currency [string] |
| CreditLine| Set of elements used to provide details on the credit line.| array[OBCreditLine1]|
OBReadDataBalance1
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Balance| Set of elements used to define the balance details.| array[OBCashBalance1]|
OBReadBalance1
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Data | Entity | OBReadDataBalance1 Balance array[[OBCashBalance1]] |
| Links | Entity | Links Self [string] First [string] Prev [string] Next [string] Last [string] |
| Meta | Entity | Meta TotalPages [integer] FirstAvailableDateTime [string] LastAvailableDateTime [string] |
OBBeneficiaryType1Code
Attributes
| Type| Description| Example| Values|
| -----| -----| -----| -----|
| enum| Specifies the Beneficiary Type.| Trusted Ordinary |
OBBeneficiary5
Attributes
| Name| Description| Values|
| -----| -----| -----|
| AccountId| A unique and immutable identifier used to identify the account resource. This identifier has no meaning to the account owner.| string|
| BeneficiaryType | Entity | OBBeneficiaryType1Code |
| CreditorAccount | Entity | OBCashAccount5 SchemeName [string] Identification [string] Name [string] SecondaryIdentification [string] |
OBReadDataBeneficiary5
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Beneficiary| -| array[OBBeneficiary5]|
OBReadBeneficiary5
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Data | Entity | OBReadDataBeneficiary5 Beneficiary array[[OBBeneficiary5]] |
| Links | Entity | Links Self [string] First [string] Prev [string] Next [string] Last [string] |
| Meta | Entity | Meta TotalPages [integer] FirstAvailableDateTime [string] LastAvailableDateTime [string] |
OBParty2
Attributes
| Name| Description| Values|
| -----| -----| -----|
| PartyId| A unique and immutable identifier used to identify the customer resource. This identifier has no meaning to the account owner.| string|
| Name| Name by which a party is known and which is usually used to identify that party.| string|
OBReadDataParty2
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Party | Entity | OBParty2 PartyId [string] Name [string] |
OBReadParty2
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Data | Entity | OBReadDataParty2 Party [OBParty2] PartyId [string] Name [string] |
| Links | Entity | Links Self [string] First [string] Prev [string] Next [string] Last [string] |
| Meta | Entity | Meta TotalPages [integer] FirstAvailableDateTime [string] LastAvailableDateTime [string] |
OBReadDataParty3
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Party| -| array[OBParty2]|
OBReadParty3
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Data | Entity | OBReadDataParty3 Party array[[OBParty2]] |
| Links | Entity | Links Self [string] First [string] Prev [string] Next [string] Last [string] |
| Meta | Entity | Meta TotalPages [integer] FirstAvailableDateTime [string] LastAvailableDateTime [string] |
SandboxRequest
Request to create a new sandbox
Attributes
| Name| Description| Values|
| -----| -----| -----|
| sandboxId| Sandbox Id| string|
ErrorResponse
Attributes
| Name| Description| Values|
| -----| -----| -----|
| errorMessage| -| string|
SandboxRetryCacheEntry
Keeps the number of calls without x-fapi-customer-ip-address header present
Attributes
| Name| Description| Values|
| -----| -----| -----|
| cacheKey| Cache key| string|
| count| Number of retries ( up to 4 )| integer|
| expirationTimestamp| Expiration timestamp of the entry| string|
SandboxBankAccountInfo
General account information
Attributes
| Name| Description| Values|
| -----| -----| -----|
| currency| Currency (EUR, USD ...)| string|
| iban| Account's IBAN| string|
| accountType| Account's type (Business, Personal)| string|
| accountSubType| Account's sub-type (ChargeCard, CreditCard, CurrentAccount ...)| string|
| description| Account's description| string|
| alias| Account's alias| string|
| openingDate| Account's opening date| string|
| availableBalance| Account's available balance| number|
| ledgerBalance| Account's ledger balance| number|
| overdraftLimit| Account's overdraft limit| number|
SandboxParty
Connected party information
Attributes
| Name| Description| Values|
| -----| -----| -----|
| id| Party id| string|
| name| Name| string|
SandboxBeneficiary
Beneficiary information
Attributes
| Name| Description| Values|
| -----| -----| -----|
| name| Beneficiary name| string|
SandboxStandingOrder
Standing order information
Attributes
| Name| Description| Values|
| -----| -----| -----|
| description| Standing order short description| string|
| frequency| Standing order frequency| string|
| firstPaymentDate| Standing order first collection date| string|
| nextPaymentDate| Standing order next collection date| string|
| finalPaymentDate| Standing order final collection date| string|
| lastPaymentDate| Standing order last executed payment date| string|
| status| Standing order status (Active, Inactive)| string|
| amount| Standing order amount| number|
SandboxScheduledPayment
Scheduled payment information
Attributes
| Name| Description| Values|
| -----| -----| -----|
| description| Scheduled payment's short description| string|
| executionDate| Scheduled payment's execution date| string|
| amount| Amount| number|
| senderReference| Debtor / Sender reference| string|
SandboxStatement
Statement information
Attributes
| Name| Description| Values|
| -----| -----| -----|
| number| Statement number| string|
| year| Statement year| integer|
| month| Statement month| integer|
SandboxTransaction
Transaction information
Attributes
| Name| Description| Values|
| -----| -----| -----|
| reference| Transaction reference| string|
| amount| Amount| number|
| currency| Currency (EUR, USD ...)| string|
| creditDebit| Credit / Debit indicator| string|
| valueDateTime| Valeur| string|
| bookingDateTime| Booking date time| string|
| description| Description| string|
| accountingBalance| Balance| number|
| relatedAccount| Related account| string|
| relatedName| Related account| string|
| transactionCode| Transaction code| string|
SandboxBankAccount
Sandbox bank account
Attributes
| Name| Description| Values|
| -----| -----| -----|
| info | Entity | SandboxBankAccountInfo currency [string] iban [string] accountType [string] accountSubType [string] description [string] alias [string] openingDate [string] availableBalance [number] ledgerBalance [number] overdraftLimit [number] |
| party | Entity | SandboxParty id [string] name [string] |
| beneficiaries| List of account's beneficiaries| array[SandboxBeneficiary]|
| standingOrders| List of account's standing orders| array[SandboxStandingOrder]|
| scheduledPayments| List of account's scheduled payments| array[SandboxScheduledPayment]|
| statements| List of account's statements| array[SandboxStatement]|
| transactions| List of account's transactions| array[SandboxTransaction]|
SandboxCardInfo
Sandbox card information
Attributes
| Name| Description| Values|
| -----| -----| -----|
| number| Card number| string|
| description| Description| string|
| holderName| Holder name| string|
| expiration| Expiration date (05/2022)| string|
| type| Type| string|
| subType| Sub type| string|
| availableBalance| Available balance| number|
| ledgerBalance| Ledger balance| number|
| creditLimit| Credit limit ( applicable to credit cards )| number|
SandboxCard
Sandbox card
Attributes
| Name| Description| Values|
| -----| -----| -----|
| info | Entity | SandboxCardInfo number [string] description [string] holderName [string] expiration [string] type [string] subType [string] availableBalance [number] ledgerBalance [number] creditLimit [number] |
| party | Entity | SandboxParty id [string] name [string] |
| statements| Card statements| array[SandboxStatement]|
| transactions| Card transactions| array[SandboxTransaction]|
SandboxUser
User data
Attributes
| Name| Description| Values|
| -----| -----| -----|
| userId| Connected user id| string|
| retryCacheEntries| Retry cache entries| array[SandboxRetryCacheEntry]|
| accounts| List of accounts| array[SandboxBankAccount]|
| cards| List of cards| array[SandboxCard]|
Sandbox
Sandbox model
Attributes
| Name| Description| Values|
| -----| -----| -----|
| sandboxId| Sandbox id| string|
| users| List of users| array[SandboxUser]|
OBExternalScheduleType1Code
Attributes
| Type| Description| Example| Values|
| -----| -----| -----| -----|
| enum| -| Arrival Execution |
OBScheduledPayment3
Attributes
| Name| Description| Values|
| -----| -----| -----|
| AccountId| A unique and immutable identifier used to identify the account resource. This identifier has no meaning to the account owner.| string|
| ScheduledPaymentId| A unique and immutable identifier used to identify the scheduled payment resource. This identifier has no meaning to the account owner.| string|
| ScheduledPaymentDateTime| The date on which the scheduled payment will be made.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.An example is below: 2017-04-05T10:43:07+00:00| string|
| ScheduledType | Entity | OBExternalScheduleType1Code |
| Reference| Unique reference, as assigned by the creditor, to unambiguously refer to the payment transaction. Usage: If available, the initiating party should provide this reference in the structured remittance information, to enable reconciliation by the creditor upon receipt of the amount of money. If the business context requires the use of a creditor reference or a payment remit identification, and only one identifier can be passed through the end-to-end chain, the creditor's reference or payment remittance identification should be quoted in the end-to-end transaction identification.| string|
| DebtorReference| A reference value provided by the PSU to the PISP while setting up the scheduled payment.| string|
| InstructedAmount | Entity | OBActiveOrHistoricCurrencyAndAmount Amount [string] Currency [string] |
| CreditorAccount | Entity | OBCashAccount5 SchemeName [string] Identification [string] Name [string] SecondaryIdentification [string] |
OBReadDataScheduledPayment3
Attributes
| Name| Description| Values|
| -----| -----| -----|
| ScheduledPayment| -| array[OBScheduledPayment3]|
OBReadScheduledPayment3
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Data | Entity | OBReadDataScheduledPayment3 ScheduledPayment array[[OBScheduledPayment3]] |
| Links | Entity | Links Self [string] First [string] Prev [string] Next [string] Last [string] |
| Meta | Entity | Meta TotalPages [integer] FirstAvailableDateTime [string] LastAvailableDateTime [string] |
OBExternalStandingOrderStatus1Code
Attributes
| Type| Description| Example| Values|
| -----| -----| -----| -----|
| enum| -| Active Inactive |
OBStandingOrder5
Attributes
| Name| Description| Values|
| -----| -----| -----|
| AccountId| A unique and immutable identifier used to identify the account resource. This identifier has no meaning to the account owner.| string|
| StandingOrderId| A unique and immutable identifier used to identify the standing order resource. This identifier has no meaning to the account owner.| string|
| Frequency| Individual Definitions: IntrvlMnthDay - An interval specified in months(between 01, 02, 03, 04, 06, 12, 24), specifying the day within the month(01 to 31) Full Regular Expression: ^(IntrvlMnthDay:(0[1,2,3,4,6]|12|24):(0[1-9]|[12] [0-9]|3[01]))$| string|
| Reference| Unique reference, as assigned by the creditor, to unambiguously refer to the payment transaction. Usage: If available, the initiating party should provide this reference in the structured remittance information, to enable reconciliation by the creditor upon receipt of the amount of money. If the business context requires the use of a creditor reference or a payment remit identification, and only one identifier can be passed through the end-to-end chain, the creditor's reference or payment remittance identification should be quoted in the end-to-end transaction identification.| string|
| FirstPaymentDateTime| The date on which the first payment for a Standing Order schedule will be made.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.An example is below: 2017-04-05T10:43:07+00:00| string|
| NextPaymentDateTime| The date on which the next payment for a Standing Order schedule will be made.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.An example is below: 2017-04-05T10:43:07+00:00| string|
| LastPaymentDateTime| The date on which the last (most recent) payment for a Standing Order schedule was made.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.An example is below: 2017-04-05T10:43:07+00:00| string|
| FinalPaymentDateTime| The date on which the final payment for a Standing Order schedule will be made.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.An example is below: 2017-04-05T10:43:07+00:00| string|
| StandingOrderStatusCode | Entity | OBExternalStandingOrderStatus1Code |
| FirstPaymentAmount | Entity | OBActiveOrHistoricCurrencyAndAmount Amount [string] Currency [string] |
| NextPaymentAmount | Entity | OBActiveOrHistoricCurrencyAndAmount Amount [string] Currency [string] |
| LastPaymentAmount | Entity | OBActiveOrHistoricCurrencyAndAmount Amount [string] Currency [string] |
| FinalPaymentAmount | Entity | OBActiveOrHistoricCurrencyAndAmount Amount [string] Currency [string] |
| CreditorAccount | Entity | OBCashAccount5 SchemeName [string] Identification [string] Name [string] SecondaryIdentification [string] |
OBReadDataStandingOrder5
Attributes
| Name| Description| Values|
| -----| -----| -----|
| StandingOrder| -| array[OBStandingOrder5]|
OBReadStandingOrder6
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Data | Entity | OBReadDataStandingOrder5 StandingOrder array[[OBStandingOrder5]] |
| Links | Entity | Links Self [string] First [string] Prev [string] Next [string] Last [string] |
| Meta | Entity | Meta TotalPages [integer] FirstAvailableDateTime [string] LastAvailableDateTime [string] |
OBExternalStatementType1Code
Attributes
| Type| Description| Example| Values|
| -----| -----| -----| -----|
| enum| -| AccountClosure AccountOpening Annual Interim RegularPeriodic |
OBStatement2
Provides further details on a statement resource.
Attributes
| Name| Description| Values|
| -----| -----| -----|
| AccountId| A unique and immutable identifier used to identify the account resource. This identifier has no meaning to the account owner.| string|
| StatementId| Unique identifier for the statement resource within an servicing institution. This identifier is both unique and immutable.| string|
| StatementReference| Unique reference for the statement. This reference may be optionally populated if available.| string|
| Type | Entity | OBExternalStatementType1Code |
| StartDateTime| Date and time at which the statement period starts.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.An example is below: 2017-04-05T10:43:07+00:00| string|
| EndDateTime| Date and time at which the statement period starts.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.An example is below: 2017-04-05T10:43:07+00:00| string|
| CreationDateTime| Date and time at which the statement period starts.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.An example is below: 2017-04-05T10:43:07+00:00| string|
OBReadDataStatement2
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Statement| Provides further details on a statement resource.| array[OBStatement2]|
OBReadStatement2
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Data | Entity | OBReadDataStatement2 Statement array[[OBStatement2]] |
| Links | Entity | Links Self [string] First [string] Prev [string] Next [string] Last [string] |
| Meta | Entity | Meta TotalPages [integer] FirstAvailableDateTime [string] LastAvailableDateTime [string] |
OBEntryStatus1Code
Attributes
| Type| Description| Example| Values|
| -----| -----| -----| -----|
| enum| -| Booked Pending |
ProprietaryBankTransactionCodeStructure1
Set of elements to fully identify a proprietary bank transaction code.
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Code| Proprietary bank transaction code to identify the underlying transaction.| string|
| Issuer| Identification of the issuer of the proprietary bank transaction code.| string|
OBTransactionCashBalance
Set of elements used to define the balance as a numerical representation of the net increases and decreases in an account after a transaction entry is applied to the account.
Attributes
| Name| Description| Values|
| -----| -----| -----|
| CreditDebitIndicator | Entity | OBCreditDebitCode |
| Type | Entity | OBBalanceType1Code |
| Amount | Entity | OBActiveOrHistoricCurrencyAndAmount Amount [string] Currency [string] |
OBCashAccount6
Unambiguous identification of the account of the creditor, in the case of a debit transaction.
Attributes
| Name| Description| Values|
| -----| -----| -----|
| SchemeName| Name of the identification scheme, in a coded form as published in an external list.| string|
| Identification| Identification assigned by an institution to identify an account. This identification is known by the account owner.| string|
| Name| The account name is the name or names of the account owner(s) represented at an account level, as displayed by the ASPSP's online channels. Note, the account name is not the product name or the nickname of the account.| string|
OBTransaction6
Provides further details on an entry in the report.
Attributes
| Name| Description| Values|
| -----| -----| -----|
| AccountId| A unique and immutable identifier used to identify the account resource. This identifier has no meaning to the account owner.| string|
| TransactionReference| Unique reference for the transaction. This reference is optionally populated, and may as an example be the FPID in the Faster Payments context.| string|
| CreditDebitIndicator | Entity | OBCreditDebitCode |
| Status | Entity | OBEntryStatus1Code |
| BookingDateTime| Date and time when a transaction entry is posted to an account on the account servicer's books. Usage: Booking date is the expected booking date, unless the status is booked, in which case it is the actual booking date.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.An example is below: 2017-04-05T10:43:07+00:00| string|
| ValueDateTime| Date and time at which assets become available to the account owner in case of a credit entry, or cease to be available to the account owner in case of a debit transaction entry. Usage: If transaction entry status is pending and value date is present, then the value date refers to an expected/requested value date. For transaction entries subject to availability/float and for which availability information is provided, the value date must not be used.In this case the availability component identifies the number of availability days.All dates in the JSON payloads are represented in ISO 8601 date-time format. All date-time fields in responses must include the timezone.An example is below: 2017-04-05T10:43:07+00:00| string|
| TransactionInformation| Further details of the transaction. This is the transaction narrative, which is unstructured text.| string|
| Amount | Entity | OBActiveOrHistoricCurrencyAndAmount Amount [string] Currency [string] |
| ProprietaryBankTransactionCode | Entity | ProprietaryBankTransactionCodeStructure1 Code [string] Issuer [string] |
| Balance | Entity | OBTransactionCashBalance CreditDebitIndicator [OBCreditDebitCode] Type [OBBalanceType1Code] Amount [OBActiveOrHistoricCurrencyAndAmount] Amount [string] Currency [string] |
| CreditorAccount | Entity | OBCashAccount6 SchemeName [string] Identification [string] Name [string] |
| DebtorAccount | Entity | OBCashAccount6 SchemeName [string] Identification [string] Name [string] |
OBReadDataTransaction6
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Transaction| Provides further details on an entry in the report.| array[OBTransaction6]|
OBReadTransaction6
Attributes
| Name| Description| Values|
| -----| -----| -----|
| Data | Entity | OBReadDataTransaction6 Transaction array[[OBTransaction6]] |
| Links | Entity | Links Self [string] First [string] Prev [string] Next [string] Last [string] |
| Meta | Entity | Meta TotalPages [integer] FirstAvailableDateTime [string] LastAvailableDateTime [string] |
Authentication

Xero Payroll AU API

This is the Xero Payroll API for orgs in Australia region.

Paylocity API

paylocity.com
For general questions and support of the API, contact: [email protected]
Overview
Paylocity Web Services API is an externally facing RESTful Internet protocol. The Paylocity API uses HTTP verbs and a RESTful endpoint structure. OAuth 2.0 is used as the API Authorization framework. Request and response payloads are formatted as JSON.
Paylocity supports v1 and v2 versions of its API endpoints. v1, while supported, won't be enhanced with additional functionality. For direct link to v1 documentation, please click here. For additional resources regarding v1/v2 differences and conversion path, please contact [email protected].
Setup
Paylocity will provide the secure client credentials and set up the scope (type of requests and allowed company numbers). You will receive the unique client id, secret, and Paylocity public key for the data encryption. The secret will expire in 365 days.
Paylocity will send you an e-mail 10 days prior to the expiration date for the current secret. If not renewed, the second e-mail notification will be sent 5 days prior to secret's expiration. Each email will contain the code necessary to renew the client secret.
You can obtain the new secret by calling API endpoint using your current not yet expired credentials and the code that was sent with the notification email. For details on API endpoint, please see Client Credentials section.
Both the current secret value and the new secret value will be recognized during the transition period. After the current secret expires, you must use the new secret.
If you were unable to renew the secret via API endpoint, you can still contact Service and they will email you new secret via secure email.
When validating the request, Paylocity API will honor the defaults and required fields set up for the company default New Hire Template as defined in Web Pay.
Authorization
Paylocity Web Services API uses OAuth2.0 Authentication with JSON Message Format.
All requests of the Paylocity Web Services API require a bearer token which can be obtained by authenticating the client with the Paylocity Web Services API via OAuth 2.0.
The client must request a bearer token from the authorization endpoint:
auth-server for production: https://api.paylocity.com/IdentityServer/connect/token
auth-server for testing: https://apisandbox.paylocity.com/IdentityServer/connect/token
Paylocity reserves the right to impose rate limits on the number of calls made to our APIs. Changes to API features/functionality may be made at anytime with or without prior notice.
Authorization Header
The request is expected to be in the form of a basic authentication request, with the "Authorization" header containing the client-id and client-secret. This means the standard base-64 encoded user:password, prefixed with "Basic" as the value for the Authorization header, where user is the client-id and password is the client-secret.
Content-Type Header
The "Content-Type" header is required to be "application/x-www-form-urlencoded".
Additional Values
The request must post the following form encoded values within the request body:
granttype = clientcredentials
scope = WebLinkAPI
Responses
Success will return HTTP 200 OK with JSON content:
{
"access_token": "xxx",
"expires_in": 3600,
"token_type": "Bearer"
}
Encryption
Paylocity uses a combination of RSA and AES cryptography. As part of the setup, each client is issued a public RSA key.
Paylocity recommends the encryption of the incoming requests as additional protection of the sensitive data. Clients can opt-out of the encryption during the initial setup process. Opt-out will allow Paylocity to process unencrypted requests.
The Paylocity Public Key has the following properties:
2048 bit key size
PKCS1 key format
PEM encoding
Properties
key (base 64 encoded): The AES symmetric key encrypted with the Paylocity Public Key. It is the key used to encrypt the content. Paylocity will decrypt the AES key using RSA decryption and use it to decrypt the content.
iv (base 64 encoded): The AES IV (Initialization Vector) used when encrypting the content.
content (base 64 encoded): The AES encrypted request. The key and iv provided in the secureContent request are used by Paylocity for decryption of the content.
We suggest using the following for the AES:
CBC cipher mode
PKCS7 padding
128 bit block size
256 bit key size
Encryption Flow
Generate the unencrypted JSON payload to POST/PUT
Encrypt this JSON payload using your own key and IV (NOT with the Paylocity public key)
RSA encrypt the key you used in step 2 with the Paylocity Public Key, then, base64 encode the result
Base64 encode the IV used to encrypt the JSON payload in step 2
Put together a "securecontent" JSON object:
{
'secureContent' : {
'key' : -- RSA-encrypted & base64 encoded key from step 3,
'iv' : -- base64 encoded iv from step 4
'content' -- content encrypted with your own key from step 2, base64 encoded
}
}
Sample Example
{
"secureContent": {
"key": "eS3aw6H/qzHMJ00gSi6gQ3xa08DPMazk8BFY96Pd99ODA==",
"iv": "NLyXMGq9svw0XO5aI9BzWw==",
"content": "gAEOiQltO1w+LzGUoIK8FiYbU42hug94EasSl7N+Q1w="
}
}
Sample C# Code
using Newtonsoft.Json;
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
public class SecuredContent
{
[JsonProperty("key")]
public string Key { get; set; }
[JsonProperty("iv")]
public string Iv { get; set; }
[JsonProperty("content")]
public string Content { get; set; }
}
public class EndUserSecureRequestExample
{
public string CreateSecuredRequest(FileInfo paylocityPublicKey, string unsecuredJsonRequest)
{
string publicKeyXml = File.ReadAllText(paylocityPublicKey.FullName, Encoding.UTF8);
SecuredContent secureContent = this.CreateSecuredContent(publicKeyXml, unsecuredJsonRequest);
string secureRequest = JsonConvert.SerializeObject(new { secureContent });
return secureRequest;
}
private SecuredContent CreateSecuredContent(string publicKeyXml, string request)
{
using (AesCryptoServiceProvider aesCsp = new AesCryptoServiceProvider())
{
aesCsp.Mode = CipherMode.CBC;
aesCsp.Padding = PaddingMode.PKCS7;
aesCsp.BlockSize = 128;
aesCsp.KeySize = 256;
using (ICryptoTransform crt = aesCsp.CreateEncryptor(aesCsp.Key, aesCsp.IV))
{
using (MemoryStream outputStream = new MemoryStream())
{
using (CryptoStream encryptStream = new CryptoStream(outputStream, crt, CryptoStreamMode.Write))
{
byte[] encodedRequest = Encoding.UTF8.GetBytes(request);
encryptStream.Write(encodedRequest, 0, encodedRequest.Length);
encryptStream.FlushFinalBlock();
byte[] encryptedRequest = outputStream.ToArray();
using (RSACryptoServiceProvider crp = new RSACryptoServiceProvider())
{
crp.FromXmlstring(publicKeyXml);
byte[] encryptedKey = crp.Encrypt(aesCsp.Key, false);
return new SecuredContent()
{
Key = Convert.ToBase64string(encryptedKey),
Iv = Convert.ToBase64string(aesCsp.IV),
Content = Convert.ToBase64string(encryptedRequest)
};
}
}
}
}
}
}
}
Support
Questions about using the Paylocity API? Please contact [email protected].
Deductions (v1)
Deductions API provides endpoints to retrieve, add, update and delete deductions for a company's employees. For schema details, click here.
OnBoarding (v1)
Onboarding API sends employee data into Paylocity Onboarding to help ensure an easy and accurate hiring process for subsequent completion into Web Pay. For schema details, click here.

Beanstream Payments

beanstream.com
https://www.beanstream.com/api/v1

NOWPayments API

nowpayments.io
NOWPayments is a non-custodial cryptocurrency payment processing platform. Accept payments in a wide range of cryptos and get them instantly converted into a coin of your choice and sent to your wallet. Keeping it simple – no excess.
Sandbox
Before production usage, you can test our API using the Sandbox. Details can be found here
Authentication
To use the NOWPayments API you should do the following:
Sign up at nowpayments.io
Specify your outcome wallet
Generate an API key
Standard e-commerce flow for NOWPayments API:
API - Check API availability with the "GET API status" method. If required, check the list of available payment currencies with the "GET available currencies" method.
UI - Ask a customer to select item/items for purchase to determine the total sum;
UI - Ask a customer to select payment currency
API - Get the minimum payment amount for the selected currency pair (payment currency to your Outcome Wallet currency) with the "GET Minimum payment amount" method;
API - Get the estimate of the total amount in crypto with "GET Estimated price" and check that it is larger than the minimum payment amount from step 4;
API - Call the "POST Create payment" method to create a payment and get the deposit address (in our example, the generated BTC wallet address is returned from this method);
UI - Ask a customer to send the payment to the generated deposit address (in our example, user has to send BTC coins);
UI - A customer sends coins, NOWPayments processes and exchanges them (if required), and settles the payment to your Outcome Wallet (in our example, to your ETH address);
API - You can get the payment status either via our IPN callbacks or manually, using "GET Payment Status" and display it to a customer so that they know when their payment has been processed.
API - you call the list of payments made to your account via the "GET List of payments" method. Additionally, you can see all of this information in your Account on NOWPayments website.
Alternative flow
API - Check API availability with the "GET API status" method. If required, check the list of available payment currencies with the "GET available currencies" method.
UI - Ask a customer to select item/items for purchase to determine the total sum;
UI - Ask a customer to select payment currency
API - Get the minimum payment amount for the selected currency pair (payment currency to your Outcome Wallet currency) with the "GET Minimum payment amount" method;
API - Get the estimate of the total amount in crypto with "GET Estimated price" and check that it is larger than the minimum payment amount from step 4;
API - Call the "POST Create Invoice method to create an invoice. Set "success_url" - parameter so that the user will be redirected to your website after successful payment.
UI - display the invoice url or redirect the user to the generated link.
NOWPayments - the customer completes the payment and is redirected back to your website (only if "success_url" parameter is configured correctly!).
API - You can get the payment status either via our IPN callbacks or manually, using "GET Payment Status" and display it to a customer so that they know when their payment has been processed.
API - you call the list of payments made to your account via the "GET List of payments" method. Additionally, you can see all of this information in your Account on NOWPayments website.
API Documentation
Instant Payments Notifications
IPN (Instant payment notifications, or callbacks) are used to notify you when transaction status is changed.
To use them, you should complete the following steps:
Generate and save the IPN Secret key in Store Settings tab at the Dashboard.
Insert your URL address where you want to get callbacks in createpayment request. The parameter name is ipn\callback\_url. You will receive payment updates (statuses) to this URL address.
You will receive all the parameters at the URL address you specified in (2) by POST request.
The POST request will contain the x-nowpayments-sig parameter in the header.
The body of the request is similiar to a get payment status response body.
Example:
{"paymentid":5077125051,"paymentstatus":"waiting","payaddress":"0xd1cDE08A07cD25adEbEd35c3867a59228C09B606","priceamount":170,"pricecurrency":"usd","payamount":155.38559757,"actuallypaid":0,"paycurrency":"mana","orderid":"2","orderdescription":"Apple Macbook Pro 2019 x 1","purchaseid":"6084744717","createdat":"2021-04-12T14:22:54.942Z","updatedat":"2021-04-12T14:23:06.244Z","outcomeamount":1131.7812095,"outcome_currency":"trx"}
Sort all the parameters from the POST request in alphabetical order.
Convert them to string using
JSON.stringify (params, Object.keys(params).sort()) or the same function.
Sign a string with an IPN-secret key with HMAC and sha-512 key
Compare the signed string from the previous step with the x-nowpayments-sig , which is stored in the header of the callback request.
If these strings are similar it is a success.
Otherwise, contact us on [email protected] to solve the problem.
Example of creating a signed string at Node.JS
const hmac = crypto.createHmac('sha512', notificationsKey);
hmac.update(JSON.stringify(params, Object.keys(params).sort()));
const signature = hmac.digest('hex');
Example of comparing signed strings in PHP
function checkipnrequestisvalid()
{
$error_msg = "Unknown error";
$auth_ok = false;
$request_data = null;
if (isset($SERVER['HTTPXNOWPAYMENTSSIG']) && !empty($SERVER['HTTPXNOWPAYMENTSSIG'])) {
$recivedhmac = $SERVER['HTTPXNOWPAYMENTS_SIG'];
$requestjson = fileget_contents('php://input');
$requestdata = jsondecode($request_json, true);
ksort($request_data);
$sortedrequestjson = jsonencode($requestdata);
if ($requestjson !== false && !empty($requestjson)) {
$hmac = hashhmac("sha512", $sortedrequestjson, trim($this->ipnsecret));
if ($hmac == $recived_hmac) {
$auth_ok = true;
} else {
$error_msg = 'HMAC signature does not match';
}
} else {
$error_msg = 'Error reading POST data';
}
} else {
$error_msg = 'No HMAC signature sent.';
}
}
Recurrent payment notifications
If an error is detected, the payment is flagged and will receive additional recurrent notifications (number of recurrent notifications can be changed in your Store Settings-> Instant Payment Notifications).
If an error is received again during processing of the payment, recurrent notifications will be initiated again.
Example: "Timeout" is set to 1 minute and "Number of recurrent notifications" is set to 3.
Once an error is detected, you will receive 3 notifications at 1 minute intervals.
Several payments for one order
If you want to create several payments for one Order you should do the following:
Create a payment for the full order amount.
Save "purchaseid" which will be in "createpayment" response
Create next payment or payments with this "purchaseid" in "createpayment" request.
Only works for partially_paid payments
It may be useful if you want to give your customers opportunity to pay a full order with several payments, for example, one part in BTC and one part in ETH. Also, if your customer accidentally paid you only part of a full amount, you can automatically ask them to make another payment.
Packages
Please find our out-of-the box packages for easy integration below:
JavaScript package
More coming soon!
Payments

BIN Lookup API

bintable.com
BIN lookup API, the free api service from bintable.com to lookup card information using it's BIN. the service maintains updated database based on the comunity and other third party services to make sure all BINs in the database are accurate and up to date.

Sonar Trading

sonar.trading
Currency Authority: Exchange Rate of 1453 country currencies and crypto currencies

OpenFinTech.io

openfintech.io
Introduction
OpenFinTech.io is an open database that comprises of standardized primary data for FinTech industry.
It contains such information as geolocation data (countries, cities, regions), organizations, currencies (national, digital, virtual, crypto), banks, digital exchangers, payment providers (PSP), payment methods, etc.
It is created for communication of cross-integrated micro-services on "one language". This is achieved through standardization of entity identifiers that are used to exchange information among different services.
UML
UML Domain Model diagram you can find here.
Persistence
Entities are updated not more than 1 time per day.
Terms and Conditions
This OpenFinTech.io is made available under the Open Database License.
Any rights in individual contents of the database are licensed under the Database Contents License.
Contacts
For any questions, please email - [email protected]
Or you can contact us at Gitter
Powered by Paymaxi
Get Started
If you use POSTMAN or similar program which can operate with swagger`s files - just download our spec and import it. Also you can try live API demo.
Overview
The OpenFinTech API is organized around REST. Our API has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors.
API is based on JSON API standard. JSON is returned by all API responses, including errors, although our API libraries convert responses to appropriate language-specific objects.
JSON API requires use of the JSON API media type (application/vnd.api+json) for exchanging data.
Additional Request Headers
ACCEPT HEADER
Your requests should always include the header:
If argument height or width is missing API returns original image with real sizes.
Errors
API uses conventional HTTP response codes to indicate the success or failure of an API request. In general, codes in the 2xx range indicate success, codes in the 4xx range indicate an error that failed given the information provided (e.g., a required parameter was omitted, etc.), and codes in the 5xx range indicate an error with OpenFinTech's servers (these are rare).
| Code | Description |
|------|-------------|
| 200 - OK | Everything worked as expected. |
| 400 - Bad Request | The request was unacceptable, often due to missing a required parameter. |
| 401 - Unauthorized | No valid API key provided. |
| 402 - Request Failed | The parameters were valid but the request failed. |
| 404 - Not Found | The requested resource doesn't exist. |
| 409 - Conflict | The request conflicts with another request (perhaps due to using the same idempotent key). |
| 429 - Too Many Requests | Too many requests hit the API too quickly. We recommend an exponential backoff of your requests. |
| 500, 502, 503, 504 - Server Errors | Something went wrong on OpenFinTech's end. (These are rare.) |