Paylocity · OAuth Scopes

Paylocity OAuth Scopes

OAuth 2.0 searched

Paylocity publishes 1 OAuth 2.0 scope via the clientCredentials flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the Paylocity API on a user’s behalf.

Tokens are issued from https://api.paylocity.com/IdentityServer/connect/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

HRPayrollHCMBenefitsWorkforce ManagementTime Tracking
Scopes: 1 Flows: clientCredentials Method: searched

OAuth endpoints

Token URL
https://api.paylocity.com/IdentityServer/connect/token
Flows
clientCredentials

Scopes (1)

ScopeDescriptionFlows
WebLinkAPI Required scope for token requests to the Paylocity Weblink API via the client credentials grant; the scope parameter of the token request must be set to WebLinkAPI.

Source

OAuth Scopes

paylocity-scopes.yml Raw ↑
generated: '2026-07-11'
method: searched
source: openapi/paylocity-openapi.yml
docs: https://developer.paylocity.com/integrations/reference/authentication-weblink
schemes:
- name: oauth2ClientCredentials
  source: openapi/paylocity-openapi.yml
  flows:
  - flow: clientCredentials
    tokenUrl: https://api.paylocity.com/IdentityServer/connect/token
  description: OAuth 2.0 client credentials grant. Credentials are provisioned by Paylocity.
scopes:
- scope: WebLinkAPI
  description: Required scope for token requests to the Paylocity Weblink API via
    the client credentials grant; the scope parameter of the token request must be
    set to WebLinkAPI.
  sources:
  - https://developer.paylocity.com/integrations/reference/authentication-weblink
note: Paylocity's Next Gen Integrations API authentication docs (https://developer.paylocity.com/integrations/reference/authentication)
  use the OAuth 2.0 client credentials grant without documenting granular scopes;
  WebLinkAPI is the only documented scope value, required for the legacy Weblink API
  token request.