Authenticate to the ADP API using OAuth 2.0 client_credentials with mutual TLS (mTLS); obtain a signed certificate from ADP and present it during the TLS handshake alongside your client ID and secret.
Obtain an access token from the ADP token endpoint and include it as a Bearer token in subsequent API requests.
Access to the Time and Labor Management APIs requires the ADP API Central add-on to be provisioned for the customer's Workforce Now account; confirm this with the account admin.
GET the time entries resource for a specific associate or date range using the endpoint path documented in the TLM API Guide on developers.adp.com.
Parse the time entry records, which include clock-in/clock-out pairs, work rule assignments, and labor cost allocation fields.
Respect API rate limits; the ADP API enforces throttling and will return HTTP 429 responses when limits are exceeded.
Known gotchas
ADP requires mTLS in addition to OAuth; a standard OAuth client_credentials flow without the client certificate will be rejected at the TLS layer.
ADP API Central (the add-on that enables API access) is a separately purchased product; customers without it cannot access time and attendance data via API regardless of credentials.
The ADP API operates in both sandbox and production environments with different base URLs and certificates; test integrations in the sandbox before requesting production credentials.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp