Paycor
Paycor is a comprehensive human capital management (HCM) platform that provides HR, payroll, time and attendance, and benefits management solutions. The Paycor connector enables you to access Paycor API endpoints to retrieve employee data, payroll information, time and attendance records, and other HR-related data. This connector is particularly useful for applications that need to extract HR data, integrate payroll information with other systems, analyze workforce data, or build HR analytics and reporting solutions.
Power end-to-end data operations for your Paycor API with Nexla. Our bi-directional Paycor connector is purpose-built for Paycor, making it simple to ingest data, sync it across systems, and deliver it anywhere — all with no coding required. Nexla turns API-sourced data into ready-to-use, reusable data products and makes it easy to send data to Paycor or any other destination. With comprehensive monitoring, lineage tracking, and access controls, Nexla keeps your Paycor workflows fast, secure, and fully governed.
Features
Type: API
- Seamless API Integration: Connect to any endpoint as source or destination without coding, with automatic data product creation
- Visual Composition & Chaining: Build complex integrations using visual templates, chain API calls, and compose workflows with data validation and filtering
- API Proxy: Expose curated slices of your data securely with a secure and customizable API proxy that validates and transforms data on the fly
- Request optimization with intelligent batching, retry, and caching to minimize API calls and costs
Prerequisites
Before creating a Paycor credential, you'll need to create an application in the Paycor Developer Portal and obtain OAuth 2.0 credentials (Client ID and Client Secret) along with an APIM Subscription Key. Paycor requires dual authentication: OAuth 2.0 Bearer token + APIM Subscription Key header. Both are mandatory for all API requests.
To obtain Paycor API credentials:
-
Log in to the Paycor Developer Portal with your Paycor account credentials.
-
Navigate to My Apps or Applications section in the developer portal.
-
Click Create Application or New Application to create a new application for API access.
-
Fill in the application details including name, description, and other required information.
-
After creating the application, you'll receive a Client ID and Client Secret. Copy these credentials immediately, as the Client Secret may only be displayed once.
-
Navigate to Security Connections or API Management section in your Paycor account settings.
-
Locate the APIM Subscription Key section. This key is required for all API requests and must be sent as the
ocp-apim-subscription-keyheader. -
Copy the APIM Subscription Key. Store it securely, as you'll need it for all API requests.
-
Note your Legal Entity ID (also known as Client ID). This is the unique identifier for your Paycor company/legal entity and is required for data access. You can find this in your Paycor account settings or by contacting Paycor support.
-
Configure Data Access scopes for your application. Ensure your application has the necessary permissions to access the data you need (e.g., employee data, payroll information, time and attendance).
Alternatively, Paycor supports authentication using a pre-generated Access Token together with the APIM Subscription Key, if you already have an access token issued by Paycor.
Paycor requires dual authentication: OAuth 2.0 Bearer token + APIM Subscription Key header. Both are mandatory for all API requests. The OAuth 2.0 credentials are used to obtain an access token, which is then sent as a Bearer token in the Authorization header. The APIM Subscription Key must be sent as the ocp-apim-subscription-key header in all requests. The Legal Entity ID is required to access company-specific data.
For detailed information about Paycor API authentication and application setup, refer to the Paycor Developer Guides.
Authenticate
Credentials required
- OAuth 2.0 (Client Credentials)
- Access Token + APIM Key
OAuth 2.0 with APIM Subscription Key - dual authentication required for Paycor API access
| Field | Required | Secret | Description |
|---|---|---|---|
| Client ID | Yes | No | Your Paycor application Client ID from the Developer Portal |
| Client Secret | Yes | Yes | Your Paycor application Client Secret from the Developer Portal |
| APIM Subscription Key | Yes | Yes | Required APIM Subscription Key from Security Connections tab - sent as ocp-apim-subscription-key header |
| Legal Entity ID | Yes | No | Your Paycor Legal Entity ID (Client ID) for the specific company data access |
Alternative authentication using Access-Token header with APIM Subscription Key
| Field | Required | Secret | Description |
|---|---|---|---|
| Access Token | Yes | Yes | Pre-generated Access Token from Paycor (if you have one) |
| APIM Subscription Key | Yes | Yes | Required APIM Subscription Key from Security Connections tab - sent as ocp-apim-subscription-key header |
| Legal Entity ID | Yes | No | Your Paycor Legal Entity ID (Client ID) for the specific company data access |
Create a credential in Nexla
- After selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.
New Credential Overlay – Paycor

-
Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.
-
In the Client ID field, enter the Client ID that you obtained from your Paycor application in the Developer Portal. This is the unique identifier for your registered application.
-
In the Client Secret field, enter the Client Secret that you obtained from your Paycor application in the Developer Portal. This is the secret value used to obtain OAuth 2.0 access tokens.
The Client Secret is sensitive information and should be kept secure. If you've lost your Client Secret, you'll need to generate a new one in your Paycor Developer Portal application settings.
-
In the APIM Subscription Key field, enter the APIM Subscription Key that you obtained from the Security Connections section of your Paycor account. This key is required for all API requests and must be sent as the
ocp-apim-subscription-keyheader.The APIM Subscription Key is sensitive information and should be kept secure. This key is mandatory for all Paycor API requests and must be included in the request headers.
-
In the Legal Entity ID field, enter your Paycor Legal Entity ID (Client ID) for the specific company data access. This is the unique identifier for your Paycor company/legal entity and is required to access company-specific data.
To authenticate with a pre-generated access token instead of OAuth 2.0 Client Credentials, select the Access Token + APIM Key method and enter your token in the Access Token field, along with your APIM Subscription Key and Legal Entity ID.
-
Once all of the relevant fields have been completed, click the Save button at the bottom of the overlay to save the configured credential. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.
Use as a data source
To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Select the Paycor connector tile, then select the credential that will be used to connect to the Paycor API, and click Next; or, create a new Paycor credential for use in this flow.
Endpoint templates
Nexla provides pre-built templates that can be used to rapidly configure data sources to ingest data from common Paycor API endpoints. Each template is designed specifically for the corresponding Paycor API endpoint, making data source setup easy and efficient. Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable boxes below.
Once the selected endpoint template has been configured, click the Test button to the right of the endpoint selection menu to retrieve a sample of the data that will be fetched. Sample data will be displayed in the Endpoint Test Result panel on the right, allowing you to verify that the source is configured correctly before saving.
Manual configuration
Paycor data sources can also be manually configured to ingest data from any valid Paycor API endpoint, including endpoints not covered by the pre-built templates, chained API calls, or custom request parameters. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, endpoint URL, path to data, request headers, and other settings.
Paycor API endpoints typically follow the pattern https://apis.paycor.com/v1/{resource}, where {resource} is the specific endpoint path. Paycor API requires dual authentication: OAuth 2.0 Bearer token in the Authorization header and APIM Subscription Key in the ocp-apim-subscription-key header, both automatically included from your credential. For nested JSON responses, common Paycor data paths include $.records[*] for arrays of records or $ for the entire response.
Once all of the relevant settings have been configured, click the Create button in the upper right corner of the screen to save and create the new Paycor data source. Nexla will now begin ingesting data from the configured endpoint and will organize any data that it finds into one or more Nexsets.
Use as a destination
Click the + icon on the Nexset that will be sent to the Paycor destination, and select the Send to Destination option from the menu. Select the Paycor connector from the list of available destination connectors, then select the credential that will be used to connect to the Paycor instance, and click Next; or, create a new Paycor credential for use in this flow.
Manual configuration
Paycor destinations can be manually configured to send data to any valid Paycor API endpoint. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, endpoint URL, request headers, and request body template.
Paycor API endpoints typically follow the pattern https://apis.paycor.com/v1/{resource}, where {resource} is the specific endpoint path. Paycor API requires dual authentication: OAuth 2.0 Bearer token in the Authorization header and APIM Subscription Key in the ocp-apim-subscription-key header, both automatically included from your credential, and Content-Type is typically set to application/json for ingestion endpoints. For most Paycor ingestion endpoints, the default request body template {message.json} sends the entire record as JSON; customize it if an endpoint requires a specific structure.
Save & activate
Once all of the relevant steps in the above sections have been completed, click the Create button in the upper right corner of the screen to save and create the new Paycor destination. Nexla will now begin sending data to the configured endpoint according to your data flow schedule.