Managing worker tokens
Learn how to manage worker tokens using the Deel API
Worker tokens allow an organization to access a worker's data and perform actions on their behalf. This is useful when an organization wants to build a solution that allows workers to perform actions like signing contracts, adding additional personal information, or performing KYC identity verification. Using worker tokens, organizations can let users perform such actions in custom-built solutions without asking workers, who may not have the technical skills to do so, to retrieve their own tokens.
This article explains how to manage worker tokens using the Deel API.
Before you begin
Before starting to manage worker tokens using the Deel API, here are some things to consider:
- Worker tokens expire in 24 hours.
- In order to obtain a worker token, the organization token used in the request must have the admin:worker scope. Make sure you add this scope when creating the token.
Create a worker token
Worker tokens are short-lived credentials that allow workers to securely perform specific actions on a custom-built application. This is especially useful when your application enables workers to take direct action without requiring them to log in via the Deel UI.
To generate a worker token, make a POST request to the Create worker access token endpoint and include the worker's profile ID in the request body.
Here's an example request:
curl --location 'https://api.letsdeel.com/rest/v2/workers/session' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {TOKEN_WITH_ADMIN_WORKER_SCOPE}' \
--data '{
  "data": {
    "profile_id": "{WORKER_PROFILE_ID}"
  }
}'
A successful request returns a JSON object containing the worker token and its expiration timestamp. You can now use this to authenticate requests on behalf of the worker.
{
  "data": {
    "token": "{WORKER_ACCESS_TOKEN}",
    "expires_at": "2025-05-17T13:31:27.957Z"
  }
}
Delete a worker token
If you need to revoke a worker token before it expires, you can do so manually. This might be necessary if access needs to be restricted immediately due to a change in user status or a security concern.
To revoke a token, make a DELETE request to the Delete worker access token endpoint, passing the worker's profile ID as a path parameter.
Here's a sample request:
curl --location --request DELETE 'https://api.letsdeel.com/rest/v2/workers/{WORKER_PROFILE_ID}/session' \
--header 'Authorization: Bearer {TOKEN_WITH_ADMIN_WORKER_SCOPE}'
A successful request returns a 204 No Content status, indicating the token was successfully deleted.
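The create and delete requests above, together with server-side handling of the returned token, as an added Python example (not Deel's own code). The function and class names, the sample response and the five-minute expiry margin are assumptions made for illustration.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

API = "https://api.letsdeel.com/rest/v2"  # base URL from the curl examples above

# Constructed sample response in the shape shown above (not a real token).
SAMPLE_RESPONSE = '{"data": {"token": "constructed-token", "expires_at": "2025-05-17T13:31:27.957Z"}}'


def build_create(org_token, profile_id):
    """POST /workers/session; org_token must carry the admin:worker scope."""
    body = json.dumps({"data": {"profile_id": profile_id}}).encode()
    return urllib.request.Request(
        f"{API}/workers/session", data=body, method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {org_token}"})


def build_revoke(org_token, profile_id):
    """DELETE /workers/{profile_id}/session; success is 204 No Content."""
    # Percent-encode the ID so a malformed value cannot alter the request path.
    return urllib.request.Request(
        f"{API}/workers/{quote(profile_id, safe='')}/session", method="DELETE",
        headers={"Authorization": f"Bearer {org_token}"})


class WorkerSession:
    """Keeps a worker token server-side; repr() never exposes the secret."""

    def __init__(self, response_body):
        data = json.loads(response_body)["data"]
        self._token = data["token"]
        # expires_at is ISO 8601 UTC with a trailing Z.
        self.expires_at = datetime.fromisoformat(data["expires_at"].replace("Z", "+00:00"))

    def __repr__(self):
        return f"WorkerSession(token=<redacted>, expires_at={self.expires_at.isoformat()})"

    def usable(self, now=None, skew=timedelta(minutes=5)):
        """False once within `skew` of expiry, so callers re-issue early."""
        now = now or datetime.now(timezone.utc)
        return now + skew < self.expires_at

    def token(self, now=None):
        """Return the secret only while it is still usable."""
        if not self.usable(now):
            raise PermissionError("worker token expired or about to expire")
        return self._token
```

Send a built request with `urllib.request.urlopen(req, timeout=10)`; for the revoke call, treat any status other than 204 as a failed revocation and retry or alert.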