Skip to main content
Toku connects to Deel as an authorized Deel App Store application using Deel’s OAuth 2.0 flow. Your Deel admin authorizes the connection once — no API keys are copied or stored by your team.

OAuth 2.0 Flow

1

Authorize

From the Toku dashboard, your admin is redirected to Deel’s consent screen, which lists every scope Toku requests.
2

Exchange

Deel redirects back with an authorization code, which Toku’s backend exchanges for an access token and refresh token.
3

Refresh

Access tokens live for 30 days. Toku rotates them automatically using Deel’s single-use refresh tokens — the connection stays live without re-authorization.
Authenticated requests are sent over HTTPS and carry the token as a bearer header alongside Toku’s client identifier — Deel requires both:

Scopes

Deel enforces granular scopes in the {resource}:read / {resource}:write format. Toku requests the minimum set needed for stablecoin payroll: Any call outside these scopes is rejected by Deel. You can revoke Toku’s authorization at any time from your Deel account, which immediately invalidates all tokens.

Environments

Toku is integrated through the Deel Developer Platform partner process as a Deel App Store application. See Deel’s authentication docs and OAuth reference to validate any of the calls referenced in this section.

Next

People Sync

How Toku reads your worker roster

Payroll Sync

How Toku tracks payroll cycles and payslips