# DailyPay API Access Overview

DailyPay adheres to the [OAuth 2.0 RFC 6749](https://datatracker.ietf.org/doc/html/rfc6749) and [OpenID Connect](https://openid.net/specs/openid-connect-core-1_0.html) specifications. This document will walk you through the steps to get an access token your application can use to make requests to the DailyPay REST API.

We support the following methods:

- [Authorization Code Flow](/guides/auth/authorization-code-flow): This method is suitable when access to resources requires user consent, facilitating user consent and enabling your application to perform actions on their behalf.
> For instance, retrieve [account details](/products/rest/reference/accounts/listaccounts) or initiate a [transfer](/products/rest/reference/transfers/createtransfer).
- [Client Credential Flow](/guides/auth/client-credentials-flow): This method is suitable for server-to-server operations, where additional levels of user consent may not be required.
> For instance, you can utilize the [Organizations endpoint](/products/rest/reference/organizations/readorganization) to view connected employer organizations.


## Before You Begin

### 1. Register your Application

Your DailyPay contact will ask you to provide

- a callback url that can receive the code result of the OAuth 2.0 authorization code flow
- links to your privacy policy and terms of service
- optionally, a logo for use on the OAuth consent screen


details
summary
OpenID Connect (OIDC)
- For additional security, you may be asked to provide DailyPay with a JSON Web Key Set (JWKS) or url for retrieving your JWKS to utilize signed OIDC requests.


### 2. Configure

p
DailyPay will provide configuration values for your application:
ul
li
code
client_id
li
code
client_secret
, if applicable
li
code
scope
a list of scopes your application can request, which may include "offline_access" and "openid"
li
code
redirect_uri
 the registered callback url you provided