OAuth 2.0 Flow
Rippling uses the standard OAuth 2.0 authorization-code flow:1
Install
Your admin installs Toku from the Rippling App Shop and reviews the consent screen, which lists every scope declared on Toku’s App Listing.
2
Exchange
Rippling redirects back to Toku with
?code=..., an authorization code that Toku’s backend exchanges for an access token and refresh token.3
Refresh
Tokens are issued per-company. Toku rotates access tokens automatically using the refresh token — the connection stays live without re-authorization.
Scopes
Rippling scopes follow a per-resource read/write convention: each scope is declared on Toku’s App Listing, shown to your admin at install time, and gates access to the matching endpoints. Toku requests the minimum set needed for stablecoin payroll:
Any call outside the approved scopes is rejected by Rippling. You can revoke Toku’s installation at any time from your Rippling account, which invalidates the company’s tokens.
Environments
Toku is integrated through Rippling’s partner app process in the Developer Portal. See the Rippling REST API documentation to validate any of the calls referenced in this section — note that Rippling’s endpoint-level reference requires a Rippling developer sign-in.
Next
Worker Sync
How Toku reads your worker roster
Payroll Sync
How Toku tracks payroll runs and pay periods
