Representational State Transfer (REST) API Integration¶
This document contains details about setting up an integration to a Third Party Payroll Vendor using Representational State Transfer (REST) API Integration.
Concept of the integration and the data flow between IFS and CloudPay is shown below.
IAM Client Creation¶
There is a predefined IAM client created for the Integration. In addition user can create optional IAM client according to the need.
- Predefined IAM Client is called IFS_criterion.
- More details of the IAM Clients can be found on Solution Manager > Users and Permissions > Identity and Access Manager > IAM Client Details.
IAM client should be Enabled and Service Accounts should be switched on.
Directory ID can be found under Service Account User field. (This is needed under the step User and Person Creation)
- Steps on create new IAM Client can be found under - Create New IAM Client
There are predefined Permission Sets created for the Integration. Users created under the User and Person Creation step need to be assigned with the below Permission Sets.
EMPLOYEE_INTEGRATION_USER - Used to grant access to EmployeeMasterDataService projection.
PAYROLL_INTEGRATION_USER - Used to grant access to PayrollTransactionService projection.
User and Person Creation¶
A User and a Person need to be created and connected to the IAM Client created in the step IAM Client Creation and the permission sets mentioned in the Permission Sets step need to be assigned to the newly created User.
A new User can create from Solution Manager > Users and Permissions > Users > User.
User and IAM Client need to be connected by adding the Service Account of the IAM client into the Directory ID field in the User. For the Predefined IAM Client IFS_criterion, the corresponding Service Account can be found under the Directory ID field.
- Select the User Type as Service User.
- Enable the Create Person toggle to create person together with the User ID. Both the User and the Person have the same ID.
- Grant the Predefined Permission Sets mentioned under the step Permission Sets to the User.
Giving Access to the Company¶
Created User need to have access to the Companies of which the Payroll data need to be transferred to the third party Payroll Vendor.
Add the User to the required Companies in the page Accounting Rules > User Related Data > Users per Company.
Add Person Access to the required Organizations of which the Payroll data need to be transferred for each of the required Companies. Organization access is granted from the page Human Capital Management > HCM Services > Organization Management > Graphical Organization Structure.
Required Information to Integrate with a Payroll Provider¶
Following information is required when setting up the Integration on the third party Payroll Vendor side.
- Access Token URL - To get access token url go to Solution Manager > Integration > API Explorer and select EmployeeMasterDataService projection. Then select API Doc in Documentation dropdown.
This will open the REST API Documentation for the EmployeeMasterDataService projection. Then click on Connect URL and get the token_endpoint URL.
- Client ID - This is the IAM Client ID which is created under the step IAM Client Creation.
- Client Secret - To get the client secret go to Solution Manager > Users and Permissions > Identity and Access Manager > IAM Client Details and select the created IAM Client. Then get the value from the field Secret.