Register an OAuth client at https://once.deputy.com/my/oauth_clients to obtain a Client ID and Client Secret.
Direct the user through the OAuth 2.0 authorization code flow; exchange the authorization code for an access token and refresh token at the Deputy token endpoint.
Store the access token and use it as a Bearer token in the Authorization header for all subsequent requests to your install-specific base URL: https://{install}.{geo}.deputy.com/api/v1.
Query the Timesheet resource (GET /resource/Timesheet/QUERY) with a date-filter payload specifying start and end epoch timestamps to retrieve timesheet records.
Page through results—Deputy caps list responses at 500 records per page—using offset/limit parameters until all records are collected.
Use the refresh token to obtain a new access token before the current one expires; do not hard-code token lifetimes as they are returned in the token response.
Known gotchas
Each Deputy customer has a unique subdomain-based install URL (e.g., yourcompany.au.deputy.com); using the wrong base URL returns 404 errors rather than auth failures.
Permanent tokens are available as a simpler alternative to OAuth but are tied to a single user account and carry that user's permission scope—not suitable for multi-tenant integrations.
The Resource API uses POST for queries (not GET), with filter criteria in the request body; using GET for filtered queries returns unfiltered results.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp