generated: '2026-07-11' method: derived source: openapi/charliehr-openapi.yml docs: https://www.charliehr.com/api_docs/ note: CharlieHR does not publish OAuth scopes - the API docs (https://www.charliehr.com/api_docs/) show every endpoint authenticated with company-level client credentials sent as an Authorization header (Token token=client_id:client_secret), with no scope or permission-level system documented. schemes: - name: oauth2 source: openapi/charliehr-openapi.yml flows: - flow: clientCredentials tokenUrl: https://charliehr.com/oauth/token description: OAuth 2.0. A Client ID and Client Secret issued in the CharlieHR app are exchanged for an access token, which is sent in the Authorization header of each request. scopes: []