> For the complete documentation index, see [llms.txt](https://integrations.drivetrain.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://integrations.drivetrain.ai/integration-guide/integrate-with-drivetrain/hris-and-ats/integrating-with-paycor.md).

# Integrating with Paycor

[Prerequisites](#prerequisites)

[Paycor Setup](#paycor-setup)

&#x20;  [Step 1 - Register for the Paycor Developer Portal](#step-1-register-for-the-paycor-developer-portal)

&#x20;  [Step 2 - Create a New Application](#step-2-create-a-new-application)

&#x20;  [Step 3 - Configure Data Access (Scopes)](#step-3-configure-data-access-scopes)

&#x20;  [Step 4 - Configure Security Connections](#step-4-configure-security-connections)

&#x20;  [Step 5 - Activate the Application Against Your Production Tenant](#step-5-activate-the-application-against-your-production-tenant)

[Share Credentials with the Drivetrain Team](#share-credentials-with-the-drivetrain-team)

### Prerequisites

To connect Paycor to Drivetrain, you need:

* Paycor administrator access. You must hold a Company Admin, HR Admin, or Payroll Admin role in Paycor. Without this role, the production activation step will fail with a 403 error.
* An active Paycor subscription for the modules whose data you intend to share (for example: Core HR, Payroll, Time).
* Access to the Paycor Developer Portal at developers.paycor.com. If you have not used the portal before, you will register as part of Step 1 below.
* A secure channel to share credentials with the Drivetrain engineering team. The engineering team will provide a secure intake link. Do not send credentials over plain email or Slack.

### Paycor Setup

Complete the following steps in the Paycor Developer Portal to create and configure an OAuth application that Drivetrain will use to access your data. Once done, you will have four credentials to share with the Drivetrain engineering team: Client ID, Client Secret, Subscription Key, and Legal Entity ID.

#### Step 1 - Register for the Paycor Developer Portal

1. Navigate to <https://developers.paycor.com/join-developer-portal>.
2. Under "Are you an existing Paycor client?" click Get started.
3. Sign in with your Paycor username and password.
4. Select the client(s) you want to be able to activate apps for.
5. Choose an administrator for the Developer Portal account (typically yourself) and click Request Access.
6. Sign out and sign back in. This step is required for your new permissions to take effect.

{% hint style="info" %}
If you do not see the Applications tab after signing back in, your access request is still pending. Wait a few minutes and refresh, or contact your internal Paycor administrator.
{% endhint %}

#### Step 2 - Create a New Application

1. From the Developer Portal home screen, click Applications.
2. Click the + Application button.
3. Enter an application name (recommended: YourCompany – Drivetrain Tap) and select Standard Application as the type.
4. Click Create Application.
5. Immediately copy the Client ID and Client Secret shown in the confirmation pop-up. The Client Secret is shown only once. If you miss it, you will need to regenerate it from the Security Connections tab.
6. Click Got it to dismiss the dialog.

{% hint style="warning" %}
Save your Client Secret now. Paycor does not display it again after this dialog closes. Paste both the Client ID and Client Secret into a secure password manager before continuing. If lost, the secret can be regenerated, but the previous value will stop working immediately.
{% endhint %}

#### Step 3 - Configure Data Access (Scopes)

Scopes control which Paycor objects the integration can read. Configure these on the Data Access tab of your application.

1. Open your application and click the Data Access tab.
2. Click + Scope and give it a descriptive name, for example: native-tap-read.
3. Select the permissions listed in the Required Scopes table below. Apply read-only permissions wherever possible.
4. Click Save.
5. Switch to the General tab and copy the Scope name that now appears. You will need it in Step 5.

### Required Scopes

Enable the following data permissions. If a permission is not listed in your Paycor instance, you do not subscribe to that module. Skip it.

| Object / Domain            | Permission | Why we need it                                                          |
| -------------------------- | ---------- | ----------------------------------------------------------------------- |
| Employees                  | Read       | Core employee records (name, status, hire date, work location, manager) |
| Person / Demographics      | Read       | Contact info, addresses, phone numbers, emergency contacts              |
| Employments / Jobs         | Read       | Job title, FLSA status, employment type, manager hierarchy              |
| Pay Rates                  | Read       | Current and historical pay rate information                             |
| Earnings                   | Read       | Earnings history per pay period                                         |
| Deductions                 | Read       | Pre- and post-tax deductions                                            |
| Taxes                      | Read       | Federal, state, and local tax records                                   |
| Direct Deposits            | Read       | Bank account routing information for verification only                  |
| Departments / Cost Centers | Read       | Organizational structure and reporting hierarchy                        |
| Legal Entities             | Read       | Required for any company-scoped API call                                |
| Time Off Requests          | Read       | PTO balances and time-off events (if Time module enabled)               |
| Time Card Punches          | Read       | Worked-hours data (if Perform Time module enabled)                      |

#### Step 4 - Configure Security Connections

1. Open the Security Connections tab on your application.
2. Copy the APIm Subscription Key. This is the value sent in the Ocp-Apim-Subscription-Key header on every API call. Save it alongside your Client ID and Client Secret.
3. In the Approved Return OAuth URL field, paste this redirect URI : <https://id.drivetrain.ai/auth/callback>
4. Save your changes.

{% hint style="danger" %}
The redirect URI must be an exact match. Paycor checks it character by character.

A trailing slash, mixed casing, or http vs https mismatch will cause an invalid\_grant error during OAuth.
{% endhint %}

#### Step 5 - Activate the Application Against Your Production Tenant

Activation links your application to a specific Paycor legal entity. This step requires Company Admin, HR Admin, or Payroll Admin privileges.

1. Navigate to <https://hcm.paycor.com/AppActivation/ClientActivation>.
2. Enter the Application OAuth Client ID (from Step 2) and the Application Scope name (from Step 3, General tab).
3. Click Initiate.
4. Review the access scopes shown on the confirmation screen. These should match what you configured in Step 3.
5. Click Next.
6. Select the legal entity (client) you want to grant access to, then click Integrate.
7. Record the Legal Entity ID. This is the numeric identifier for the legal entity you selected. The Drivetrain engineering team will need it to scope API calls.

{% hint style="warning" %}
If you see a 403 error, the signed-in user does not have the required administrator role.

Have an authorized administrator complete this step, or request the role from your Paycor account manager.
{% endhint %}

### Share Credentials with the Drivetrain Team

Send the following four values to the Drivetrain team using the secure intake link they provided. Do not share credentials over email, Slack, or any unencrypted channel.

| Credential                | Where to find it                                                                                 |
| ------------------------- | ------------------------------------------------------------------------------------------------ |
| Client ID                 | Application detail page, or the confirmation pop-up shown at creation in Step 2                  |
| Client Secret             | Captured at creation time in Step 2. Can be regenerated on the Security Connections tab if lost. |
| Ocp-Apim-Subscription-Key | Application Security Connections tab (Step 4)                                                    |
| Legal Entity ID           | Recorded during the activation step in Step 5                                                    |


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://integrations.drivetrain.ai/integration-guide/integrate-with-drivetrain/hris-and-ats/integrating-with-paycor.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.