Skip to main content
Toku connects to the Paychex APIs using OAuth 2.0 client credentials issued through the Paychex developer program. Access is provisioned per company — there are no self-serve API keys, and none are copied or stored by your team.

OAuth 2.0 Client Credentials Flow

1

Provision

Toku’s connection is provisioned through the Paychex partner program and authorized for your company by your Paychex administrator during onboarding.
2

Authenticate

Toku’s backend exchanges its client ID and secret for a bearer access token using the client credentials grant.
3

Renew

Access tokens are short-lived. There is no refresh-token flow — Toku simply re-acquires a token automatically when one expires, so the connection stays live without any action from your team.
Authenticated requests carry the token as a bearer header:

Access & Provisioning

Paychex provisions API access through its developer and partner program rather than granular self-service scopes: Your Paychex administrator can revoke Toku’s company authorization at any time, which immediately cuts off API access.

Environments

Toku is integrated through the Paychex Developer Program and listed in the Paychex Marketplace. See the Paychex API Developer Center to validate any of the calls referenced in this section.

Next

Worker Sync

How Toku reads your worker roster

Payroll Sync

How Toku tracks pay periods and checks