Skip to main content

About Justworks

Justworks is a Professional Employer Organization (PEO) and HR platform that simplifies payroll, benefits, compliance, and HR for businesses. It provides tools for managing employee data, running payroll, tracking time off, and handling deductions.

What the Justworks integration enables

CapabilityDescription
Workflow AutomationBuild Serval workflows to automate anything accessible via the Justworks API
All resources exposed by the Justworks API are available to Serval workflows using OAuth 2.0 authentication.

Justworks configuration (in Justworks)

Prerequisites

Before configuring the Justworks integration in Serval, ensure you have:
  • An active Justworks account with administrator access
  • An OAuth application created by the Justworks team (see below)

Request an OAuth application

Creation of OAuth applications for the Justworks API is not self-service. You must contact the Justworks team to have one created for you.
When requesting your OAuth application, you will need to provide Justworks with the following:
InformationRequiredDescription
Redirect URIYeshttps://svflow-auth-config.api.serval.com/justworks/oauth/callback
ScopesYesThe set of data your application needs access to (see Available Scopes below)
NameYesHow you want your app identified to customers (typically your company or product name)
Logo URLNoA logo shown to customers during authorization
Terms of Service URLNoLink to your terms of service
Privacy Policy URLNoLink to your privacy policy
If you are using a self-hosted Serval deployment, your redirect URI will be different. Use https://svflow-auth-config.api.<your-domain>/justworks/oauth/callback, replacing <your-domain> with your Serval instance domain.
Once the Justworks team creates your application, you will receive a Client ID and Client Secret.
Store your Client ID and Client Secret securely. Treat the Client Secret like a password — anyone with access to these credentials can initiate OAuth flows on behalf of your application.

Available scopes

Justworks API scopes control which data and operations your integration can access. Select only the scopes your workflows require when requesting your OAuth application.
Some scopes have parent/child relationships:
  • company.detail:read includes company.basic:read
  • member.detail:read includes member.basic:read
  • deductions:write includes deductions:read
ScopeDescription
company.basic:readRead basic company information (name, ID)
company.detail:readRead detailed company info including addresses, departments, and offices (includes basic)
company.bank_account:readRead company bank account information
ScopeDescription
member.basic:readRead basic member information (name, emails)
member.detail:readRead detailed member info including addresses, phones, and department (includes basic)
member.dob:readRead member date of birth
member.sex:readRead member sex assigned at birth
member.employment:readRead employment history and current employment status
member.pay:readRead pay rate, pay basis, and pay history
member.tax_id:readRead member Social Security Number
ScopeDescription
payroll:readRead payroll information and fees
paystub:readRead paystub details including earnings and deductions
deductions:readRead employee deductions
deductions:writeCreate, update, and cancel deductions (includes read)
ScopeDescription
time_off:readRead time off policies, requests, and balances
For a typical HR automation setup, we recommend requesting these scopes at minimum:
ScopePurpose
company.basic:readVerify the connection and retrieve company info
company.detail:readAccess departments and office locations
member.basic:readAccess employee names and emails
member.detail:readAccess full employee profiles
member.employment:readAccess employment status and history
time_off:readAccess time off policies and balances

Serval configuration

Once you have your Justworks OAuth application credentials (Client ID and Client Secret), follow these steps to connect the integration in Serval.
1

Navigate to Justworks integration

  1. In Serval, go to Applications → Available → Justworks
  2. Click Connect
  3. The Justworks configuration dialog will appear
2

Enter your OAuth credentials

Fill in the following fields:
FieldDescription
Client IDThe Client ID provided by Justworks when your OAuth application was created
Client SecretThe Client Secret provided by Justworks when your OAuth application was created
3

Select permissions

Choose the permission presets that match the data your workflows need. Each preset maps to one or more Justworks OAuth scopes:
PresetDescriptionScopes included
Company InformationRead company details, departments, and officescompany.basic:read, company.detail:read
Member InformationRead employee/member details and contact infomember.basic:read, member.detail:read
Employment DataRead employment history and job informationmember.employment:read
Time OffRead time off policies, requests, and balancestime_off:read
Payroll & PaystubsRead payroll runs and paystub detailspayroll:read, paystub:read
CompensationRead pay rates, salary, and compensation detailsmember.pay:read
Deductions (Read & Write)Manage employee deductionsdeductions:write
Sensitive Member DataDate of birth, sex, and Tax ID (SSN)member.dob:read, member.sex:read, member.tax_id:read
Company Bank AccountRead company bank account informationcompany.bank_account:read
Company Information, Member Information, Employment Data, and Time Off are selected by default. Add additional presets based on your workflow requirements.
The scopes you select here must be enabled on your Justworks OAuth application. If you need scopes that were not included when the application was created, contact the Justworks team to update your application before connecting.
4

Authorize with Justworks

  1. Click Connect to Justworks
  2. You will be redirected to Justworks at payroll.justworks.com to log in and authorize the connection
  3. Review the requested permissions and click Authorize
  4. After authorization, you will be redirected back to Serval and the integration will be active

Token management

Justworks uses short-lived access tokens with refresh tokens to maintain the connection.
Token typeLifetime
Access token24 hours
Refresh token30 days
Serval automatically refreshes your access token before it expires, so no manual action is required. As long as your workflows run at least once within the 30-day refresh token window, the connection will remain active indefinitely.
If the integration is not used for more than 30 days, the refresh token will expire and you will need to reconnect by completing the OAuth flow again.

Healthchecks

After connecting, the following healthchecks verify your integration is working correctly:
CheckDescriptionRequired Scope
Get Company InformationVerifies access to company datacompany.basic:read
List Company MembersConfirms access to member recordsmember.basic:read
List Company DepartmentsConfirms access to department datacompany.detail:read
List Time Off PoliciesConfirms access to time off datatime_off:read

Using Justworks in workflows

Once connected, you can use Justworks in your Serval workflows to automate HR and payroll processes:
  • Employee management: Retrieve member data, list employees, and access contact information
  • Company data: Access company details, departments, and office locations
  • Employment tracking: View employment history, current status, and job information
  • Time off management: Retrieve time off policies, requests, and balances
  • Payroll information: Access payroll runs and paystub details
  • Compensation data: View pay rates and compensation history
  • Deductions management: Read, create, update, and cancel employee deductions
The Justworks integration provides access to all endpoints in the Justworks API. Explore the API documentation to discover all available capabilities.

Troubleshooting

OAuth authorization failed

  • Verify that the Client ID and Client Secret you entered match the credentials provided by Justworks
  • Ensure your OAuth application is active with the Justworks team
  • Check that the scopes you selected in Serval are enabled on your Justworks OAuth application

Permission denied errors

  • Confirm that the scopes you selected during connection are enabled on your Justworks OAuth application
  • If you need additional scopes, contact the Justworks team to update your application, then reconnect in Serval

Connection stopped working

  • Access token expired: Serval refreshes access tokens automatically. If refreshes are failing, try reconnecting.
  • Refresh token expired: Refresh tokens expire after 30 days of inactivity. If the integration has been idle for more than 30 days, reconnect by completing the OAuth flow again.
  • OAuth application revoked: If the Justworks OAuth application was revoked or modified, you will need new credentials from the Justworks team and must reconnect in Serval.

Need to update scopes

To change the scopes for an existing connection:
  1. Contact the Justworks team to update the scopes on your OAuth application
  2. Disconnect the existing Justworks integration in Serval
  3. Reconnect and select the updated permission presets
Need help? Contact support@serval.com for assistance with your Justworks integration.