Skip to main content
Toku connects to Rippling as a partner app built in the Rippling Developer Portal and published as an App Listing in the Rippling App Shop. Your Rippling admin installs the app once and consents to the declared scopes — no API keys are copied or stored by your team.

OAuth 2.0 Flow

Rippling uses the standard OAuth 2.0 authorization-code flow:
1

Install

Your admin installs Toku from the Rippling App Shop and reviews the consent screen, which lists every scope declared on Toku’s App Listing.
2

Exchange

Rippling redirects back to Toku with ?code=..., an authorization code that Toku’s backend exchanges for an access token and refresh token.
3

Refresh

Tokens are issued per-company. Toku rotates access tokens automatically using the refresh token — the connection stays live without re-authorization.
Authenticated requests to the Rippling REST API carry the token as a bearer header:

Scopes

Rippling scopes follow a per-resource read/write convention: each scope is declared on Toku’s App Listing, shown to your admin at install time, and gates access to the matching endpoints. Toku requests the minimum set needed for stablecoin payroll: Any call outside the approved scopes is rejected by Rippling. You can revoke Toku’s installation at any time from your Rippling account, which invalidates the company’s tokens.

Environments

Toku is integrated through Rippling’s partner app process in the Developer Portal. See the Rippling REST API documentation to validate any of the calls referenced in this section — note that Rippling’s endpoint-level reference requires a Rippling developer sign-in.

Next

Worker Sync

How Toku reads your worker roster

Payroll Sync

How Toku tracks payroll runs and pay periods