User Accounts

Roles & Access Levels

The RetroTax system defines two types of roles for integration partners:

Hiring Managers
Employees

API integrations will primarily manage users assigned a hiring manager role. When a hiring manager is created in the RetroTax system, it is assigned an access level, which can be one of three levels: client, company, or location (CCL). As illustrated below, the access level will vary based on your integration's setup: whether you're managing multiple clients with multiple companies and locations, a single client with multiple companies and locations, or a single CCL.

Client Level User Account

This diagram illustrates a client-level API user account. In this scenario, Client-Mart's API key can make requests on behalf of any of the client's associated companies and companies' locations. For example, Client-Mart can create a new record on behalf of Company-Mart-1, list the required documents for employee 8675309 in Company-Mart-2, or run a compliance report for Company-Mart-2's Location-Mart-B.

Company Level User Account

This diagram illustrates a company-level API user account. In this scenario, Company-Mart-2's API key can make requests on behalf of any of the company's associated locations. For example, Company-Mart-2 can create a new record on behalf of Location-Mart-Y, list the required documents for employee 8675309 in Company-Mart-2, or run a compliance report for Company-Mart-2's Location-Mart-Z. However, this API key cannot make requests to other companies or other companies' locations, even when they belong to the same parent entity (Client). As the diagram illustrates, requests made to any entity shaded in red will fail.

Location Level User Account

This diagram illustrates a location-level API user account. In this scenario, Location-Mart-Z's API key can only make requests on behalf of itself and the employees within that location. For example, Location-Mart-Z can create a new record on behalf of Location-Mart-Z, list the required documents for its employees, or run a compliance report for itself. However, this API key cannot make requests to other companies or even to other locations within the same parent company, such as Location-Mart-Y. As the diagram illustrates, requests made to any entity shaded in red will fail.
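
The three access levels above reduce to one rule: a key covers the entity it was issued for and everything beneath it. The sketch below is an added example, not RetroTax code, that models that rule so an integration can check in its own tests which entities each key should and should not reach. The entity tree is rebuilt from the examples on this page, Location-Mart-A is a constructed placeholder, and denying requests to a parent entity is an assumption.

```python
# Added illustration of the client/company/location (CCL) scoping rule.
# Not RetroTax code. The tree is reconstructed from the page's examples.

# child -> parent; the client is the root of the tree.
PARENT = {
    "Client-Mart": None,
    "Company-Mart-1": "Client-Mart",
    "Company-Mart-2": "Client-Mart",
    "Location-Mart-A": "Company-Mart-1",  # constructed, not on the page
    "Location-Mart-B": "Company-Mart-2",
    "Location-Mart-Y": "Company-Mart-2",
    "Location-Mart-Z": "Company-Mart-2",
}


def in_scope(key_entity, target):
    """True if a key issued at key_entity may act on behalf of target.

    A key covers its own entity and its descendants. Siblings are denied,
    ancestors are denied (assumption), and unknown names fail closed.
    """
    if key_entity not in PARENT or target not in PARENT:
        return False
    node = target
    while node is not None:  # walk from the target up to the client
        if node == key_entity:
            return True
        node = PARENT[node]
    return False


def reachable(key_entity):
    """Sorted list of every entity a key issued at key_entity can act for."""
    return sorted(e for e in PARENT if in_scope(key_entity, e))


if __name__ == "__main__":
    for key in ("Client-Mart", "Company-Mart-2", "Location-Mart-Z"):
        print(f"{key}: {reachable(key)}")
```

Comparing `reachable()` for the key you were issued against the entities your integration actually needs shows whether a narrower access level would do.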
