Payroll-managed rosters
When your roster is synced to a payroll provider, the API won't let you create, edit, or delete users.
If your agent's roster is synced to a payroll provider (such as ADP or Paylocity), payroll is the source of truth for who your workers are. The API enforces this the same way the Admin Portal does: it will not let you create, edit, or delete users.
The affected endpoints return:
{ "error": "roster_managed_by_payroll", "message": "This agent's roster is synced to a payroll provider; user writes are blocked." }with HTTP status 409.
What's blocked vs. allowed
| Operation | Payroll-synced roster |
|---|---|
GET /users, GET /users/{id} | ✅ Allowed |
POST /users (create) | ⛔ Blocked (409) |
PATCH /users/{id} (edit) | ⛔ Blocked (409) |
DELETE /users/{id} (offboard) | ⛔ Blocked (409) |
POST /messages, POST /alerts | ✅ Allowed |
POST /files, GET /files/{batch_id} | ✅ Allowed |
The gate applies only to roster writes. Reading the roster, messaging, alerting, and uploading files are unaffected.
Working with a payroll-synced roster
Make roster changes in your payroll provider — they flow into OnKey automatically. Use this API to read the roster and to reach your workers, not to manage who they are.
If you're not sure whether your roster is payroll-synced, check is_payroll_synced on any user from GET /users: true means that row is owned by the provider.
Updated about 1 hour ago

