generated: '2026-07-15' method: generated source: openapi/justworks-company-api-openapi.yml, openapi/justworks-deductions-api-openapi.yml, openapi/justworks-members-api-openapi.yml, openapi/justworks-oauth-api-openapi.yml, openapi/justworks-payroll-api-openapi.yml, openapi/justworks-time-off-api-openapi.yml, openapi/justworks-webhooks-api-openapi.yml description: Recommended x-agentic-access execution contracts, classified heuristically from the OpenAPI. A governance starting point for exposing this API to AI agents — review and bind audience per deployment. See research/curity/agentic-governance/. summary: operations: 27 by_action_class: connected: 18 acting: 9 by_consequence: read: 18 write: 8 safety-critical: 1 human_in_the_loop_required: 1 operations: - path: /v1/company method: get operationId: getCompany x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/company/bank-account method: get operationId: getCompanyBankAccount x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/company/business-info method: get operationId: getCompanyBusinessInfo x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/company/custom-fields method: get operationId: listCompanyCustomFields x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/company/jurisdictions method: get operationId: listCompanyJurisdictions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/deduction-types method: get operationId: listDeductionTypes x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/deductions method: get operationId: listDeductions x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/deductions method: post operationId: createDeductions x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/deductions method: put operationId: updateDeductions x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/deductions/cancel method: patch operationId: cancelDeductions x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/members method: get operationId: listMembers x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/members/{member_id} method: get operationId: getMember x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/members/{member_id}/custom-field-values method: get operationId: listMemberCustomFieldValues x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/members/{member_id}/tax-id method: get operationId: getMemberTaxId x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /oauth/token method: post operationId: obtainOAuthToken x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/oauth/revoke method: post operationId: revokeOAuthToken x-agentic-access: action-class: acting consequence: safety-critical subject: required audience: null token: max-ttl: 120 exchange: true purpose-required: true proof-of-possession: true escalation: human-in-the-loop: required audit: required - path: /v1/payrolls method: get operationId: listPayrolls x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/payrolls/{payroll_id}/fees method: get operationId: listPayrollFees x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/payrolls/{payroll_id}/paystubs method: get operationId: listPaystubsForPayroll x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/paystubs/{paystub_id} method: get operationId: getPaystub x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/time-off/balances method: post operationId: createTimeOffBalancesReport x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/time-off/balances/{report_id} method: get operationId: getTimeOffBalancesReport x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/time-off/policies method: get operationId: listTimeOffPolicies x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/time-off/requests method: get operationId: listTimeOffRequests x-agentic-access: action-class: connected consequence: read subject: optional token: max-ttl: 3600 audit: none - path: /v1/webhooks/get method: post operationId: listWebhooks x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/webhooks/{webhook_id}/resume method: post operationId: resumeWebhook x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required - path: /v1/webhooks/{webhook_id}/simulate method: post operationId: simulateWebhook x-agentic-access: action-class: acting consequence: write subject: required audience: null token: max-ttl: 900 escalation: human-in-the-loop: conditional triggers: - abnormal - high-value audit: required