OAuth 2.0 Flow
1
Authorize
From the Toku dashboard, your admin is redirected to Deel’s consent screen, which lists every scope Toku requests.
2
Exchange
Deel redirects back with an authorization code, which Toku’s backend exchanges for an access token and refresh token.
3
Refresh
Access tokens live for 30 days. Toku rotates them automatically using Deel’s single-use refresh tokens — the connection stays live without re-authorization.
Scopes
Deel enforces granular scopes in the{resource}:read / {resource}:write format. Toku requests the minimum set needed for stablecoin payroll:
Any call outside these scopes is rejected by Deel. You can revoke Toku’s authorization at any time from your Deel account, which immediately invalidates all tokens.
Environments
Toku is integrated through the Deel Developer Platform partner process as a Deel App Store application. See Deel’s authentication docs and OAuth reference to validate any of the calls referenced in this section.
Next
People Sync
How Toku reads your worker roster
Payroll Sync
How Toku tracks payroll cycles and payslips
