DailyPay adheres to the OAuth 2.0 RFC 6749 and OpenID Connect specifications. This document will walk you through the steps to get an access token your application can use to make requests to the DailyPay Public REST API.
We support the following methods:
- Authorization Code Flow: This method is suitable when access to resources requires user consent. It obtains that consent and enables your application to perform actions on the user's behalf, for instance retrieving account details or initiating a transfer.
- Client Credential Flow: This method is suitable for server-to-server operations, where additional levels of user consent may not be required. For instance, you can use the Organizations endpoint to view connected employer organizations.
Your DailyPay contact will ask you to provide:
- a callback URL that can receive the `code` result of the OAuth 2.0 authorization code flow
- links to your privacy policy and terms of service
- optionally, a logo for use on the OAuth consent screen
OpenID Connect (OIDC)
- For additional security, you may be asked to provide DailyPay with a JSON Web Key Set (JWKS), or a URL for retrieving your JWKS, so that signed OIDC requests can be used.
DailyPay will provide configuration values for your application:
- `client_id`
- `client_secret`, if applicable
- `scope`: a list of scopes your application can request, which may include "offline_access" and "openid"
- `redirect_uri`: the registered callback URL you provided
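
The following Python example is added here and is not DailyPay's code. It builds an authorization request from the configuration values above and validates the redirect to the callback URL before preparing the token request fields defined in RFC 6749 section 4.1.3. The endpoint URL, the configuration values and the function names are placeholders chosen for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders (assumptions): real values come from your DailyPay contact.
AUTHORIZE_ENDPOINT = "https://auth.example.invalid/authorize"
CONFIG = {
    "client_id": "example-client-id",
    "scope": ["openid", "offline_access"],
    "redirect_uri": "https://app.example.invalid/oauth/callback",
}


def build_authorization_request(config):
    """Return (url, state); keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, binds callback to session
    params = {
        "response_type": "code",
        "client_id": config["client_id"],
        "redirect_uri": config["redirect_uri"],
        "scope": " ".join(config["scope"]),
        "state": state,
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params), state


def handle_callback(callback_url, expected_state, config):
    """Validate the redirect, then return the token request form fields."""
    got, want = urlsplit(callback_url), urlsplit(config["redirect_uri"])
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    query = parse_qs(got.query)
    state = query.get("state", [""])[0]
    # Constant-time comparison; reject before looking at any other parameter.
    if not expected_state or not hmac.compare_digest(
            state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    # Assumption: client_secret, if applicable, is sent in the HTTP Basic
    # header (RFC 6749 section 2.3.1), never in a URL or in logs.
    return {
        "grant_type": "authorization_code",
        "code": codes[0],
        "redirect_uri": config["redirect_uri"],
    }
```

The returned fields are sent as a form-encoded POST to the token endpoint DailyPay provides, and the stored `state` should be discarded after one use.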