Summary and recommendation
Justworks does not publish a public REST API, developer portal, or SCIM 2.0 endpoint for user lifecycle management as of the research date. The developer.justworks.com domain exists but contains no documented open API surface for employee provisioning, deprovisioning, or role management. Partner integrations (QuickBooks, Xero, time-tracking tools) are closed, pre-built connectors - not extensible APIs.
Any identity graph that depends on Justworks as an authoritative HR source cannot be populated programmatically; data must be extracted manually or via support-assisted bulk processes.
API quick reference
| Has user API | No |
| SCIM available | No |
Authentication
Auth method: Not documented
User object / data model
User object field mapping is not yet verified for this app.
Core endpoints
Endpoint coverage is not yet verified for this app.
Rate limits, pagination, and events
Rate limits: Not documented
Rate-limit headers: No
Retry-After header: No
Rate-limit notes: Not documented
Pagination method: none
Default page size: 0
Max page size: 0
Pagination pointer: Not documented
Webhooks available: No
Webhook notes: No public webhook system for user lifecycle events has been documented by Justworks.
Alternative event strategy: Justworks supports a limited set of partner integrations (e.g., accounting, time-tracking tools) via its integrations marketplace, but these are pre-built connectors, not a general-purpose webhook or API framework.
SCIM API status
- SCIM available: No
- SCIM version: Not documented
- Plan required: Not documented
- Endpoint: Not documented
Limitations:
- Justworks does not document SCIM 2.0 provisioning support in its official help center or any public developer documentation.
- SSO via Google or Microsoft login is supported at the application level, but IdP-driven SCIM provisioning (Okta, Entra ID, etc.) is not publicly documented.
- MFA is required for admin accounts; no automated provisioning pathway is documented.
Common scenarios
There are no documented API scenarios for user provisioning or deprovisioning in Justworks. SSO via Google or Microsoft login is supported at the application level, but IdP-driven SCIM provisioning through Okta, Entra ID, or similar providers is explicitly not documented.
MFA is enforced for all admin accounts, but there is no automated provisioning pathway that respects or integrates with that enforcement.
Until Justworks publishes a public API or SCIM endpoint, any orchestration layer - including an MCP server with 60+ deep IT/identity integrations - would need to treat Justworks as a read-only or manual-input node in the identity graph rather than a live, queryable source.
Scenario implementations are not yet verified for this app.
Why building this yourself is a trap
The core risk is treating Justworks as an authoritative identity source without accounting for the absence of a sync mechanism. Because there is no SCIM or webhook system, employee lifecycle events - new hires, terminations, role changes - do not propagate to downstream systems automatically.
This creates drift between Justworks HR records and the identity graph over time. The additional caveat that admin role revocation is a separate step from employee termination means offboarding gaps can persist in the identity graph even when the HR record is correctly closed.
Teams building any automated access review or joiner-mover-leaver workflow must treat Justworks data as stale by default until a manual sync is confirmed.
Automate Justworks workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
