Request an Access Token

Dayforce RESTful Web Services Developer Guide
Version
R2025.2.1
ft:lastPublication
2025-11-05T18:19:39.327058
Request an Access Token

An access token can be retrieved with an API request to Dayforce Identity servers.

To retrieve an access token, you must make a POST request to any of the following URLS:

  • Production: https://dfid.dayforcehcm.com/connect/token
  • Test: https://dfidtst.np.dayforcehcm.com/connect/token

The following parameters must be included in the body of your request:

  • Grant_type: Value is always password.
  • CompanyId: Client namespace, used to connect to Dayforce UI or APIs.
  • Username: Name of the Dayforce user dedicated to Web Services calls.
  • Password: Password of the specific user.
  • Client_Id: Scope of the token, the value is always Dayforce.HCMAnywhere.Client.

After you request an access token, the Dayforce Identity server verifies the credentials you provided in the request. If the credentials are successfully verified, the server returns a JSON Web Token that contains the access token needed to request Dayforce APIs. The JSON Web Token also contains the scope of the access token as well as the number of seconds it will remain valid.

The following example illustrates the corresponding Curl script for a token request:

curl--location--request POST "https://dfid.dayforcehcm.com/connect/token"--header "Content-Type: application/x-www-form-urlencoded"--data-urlencode "grant_type=password"--data-urlencode "companyId=Company123"--data-urlencode "username=WebServiceUser123"--data-urlencode "password=?@55w0rD"--data-urlencode "client_id=Dayforce.HCMAnywhere.Client"

The following is an example of a JSON Web Token response:

{

  "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjYwMkZDQTBGNDk3NEUzMUE5OEEyNDBDN0QyNDA5QTFFRTU1MzE1RTQiLCJ0eXAiOiJhdCtqd3QiLCJ4NXQiOiJZQ19LRDBsMDR4cVlva0RIMGtDYUh1VlRGZVEifQ.eyJuYmYiOjE1OTIyNTgwMDksImV4cCI6MTU5MjI2MTYwOSwiaXNzIjoiaHR0cHM6Ly9kZmlkcWEubnAuZGF5Zm9yY2VoY20uY29tIiwiYXVkIjpbImRmLmhjbWFueXdoZXJlLmNsaWVudCIsImh0dHBzOi8vZGZpZHFhLm5wLmRheWZvcmNlaGNtLmNvbS9yZXNvdXJjZXMiXSwiY2xpZW50X2lkIjoiRGF5Zm9yY2UuSENNQW55d2hlcmUuQ2xpZW50Iiwic3ViIjoiMTAwMUBNRkFSVFhfMTk3NzUuZGF5Zm9yY2UuY29tIiwiYXV0aF90aW1lIjoxNTkyMjU4MDA5LCJpZHAiOiJsb2NhbCIsImRmLnVzZXJpZCI6IjEwMDEiLCJkZi5ucyI6Ik1GQVJUWF8xOTc3NSIsInByZWZlcnJlZF91c2VybmFtZSI6IkNBZG1pbiIsImRmLmN1bHR1cmUiOiJ7XCJJZFwiOjEwMzMsXCJDb2RlXCI6XCJlbi1VU1wifSIsInNjb3BlIjpbImRheWZvcmNlIiwib3BlbmlkIiwicHJvZmlsZSIsImRmLmhjbWFueXdoZXJlLmNsaWVudCJdLCJhbXIiOlsicGFzc3dvcmQiXX0.kyBxU_aPTm2Lec4yZDZ4niVlPVuEN5VoqjMa7r3e6sKrrkawi_8Hd3WWMFUchLnj90_YWNKfWY0yB1H9wfzmC2Vi250TXTIXgyKI3d3F9rEt-kJUj2VF5-C7jvfQmMZLDK_B-HGemG5oWTgRdjKS1W81q-g39cwj_mcnIZQ9QhTn7PmtbzS0vMgBnawWCfZFDd1RnXpNZn-gAQteLGl4h_HcjsJGj7ZX_uX4jy1TYFsn96exd1xXi_sAcxtOXgrF21t3bJgKC_wmTzXSnonrS81cFxeRpedXNhLTFersA7XWW8hnsscDEJNy5Fh9wepqXXTEkIzutQ-Uv0wKailaMg",

  "expires_in": 3600,

  "token_type": "Bearer",

  "scope": "dayforce df.hcmanywhere.client openid profile"

Note: The value of the expires_in parameter indicates the number of seconds that the access token will remain valid. The standard duration is 3,600 seconds. You can request a new token when needed.