@markwharton/eh-payroll 2.3.0 → 2.5.0

package/README.md

@@ -71,15 +71,6 @@ if (groupResult.ok) console.log(groupResult.data); // EHEmployeeGroup[]
 const hoursResult = await client.getStandardHours(employeeId);
 if (hoursResult.ok) console.log(hoursResult.data); // EHStandardHours
 
-// Discover available report columns
-const fieldsResult = await client.getReportFields();
-if (fieldsResult.ok) console.log(fieldsResult.data); // EHReportField[]
-
-// Run Employee Details Report with selected columns
-const reportResult = await client.getEmployeeDetailsReport({
-  selectedColumns: ['FirstName', 'Surname', 'ExternalId']
-});
-if (reportResult.ok) console.log(reportResult.data); // Record<string, unknown>[]
 ```
 
 ## Result Pattern
@@ -117,13 +108,15 @@ const employees = result.data;
 | `getRosterShifts(from, to, options?)` | `string, string, EHRosterShiftOptions?` | `Result<EHRosterShift[]>` |
 | `getKiosks()` | — | `Result<EHKiosk[]>` |
 | `getKioskStaff(kioskId, options?)` | `number, EHKioskStaffOptions?` | `Result<EHKioskEmployee[]>` |
-| `getReportFields()` | — | `Result<EHReportField[]>` |
 | `getLeaveRequests(options?)` | `EHLeaveRequestOptions?` | `Result<EHLeaveRequest[]>` |
-| `getEmployeeDetailsReport(options?)` | `EHEmployeeDetailsReportOptions?` | `Result<Record<string, unknown>[]>` |
 
 ### `getLeaveRequests()`
 
-Returns leave requests with all filters applied server-side. Unlike paginated endpoints, this returns a flat array.
+Returns leave requests with all filters applied server-side. The business-level endpoint (`/api/v2/business/{businessId}/leaverequest`) returns a flat array — no pagination is available.
+
+**Leave requests are time-series data** — unlike employees and locations which remain relatively stable, leave requests grow continuously as new requests accumulate. Always use `fromDate`/`toDate` filters to bound the result set. Without date filters, the API returns the entire leave request history.
+
+> **Note:** The Payroll API also provides a per-employee endpoint (`/api/v2/business/{businessId}/employee/{employeeId}/leaverequest`) with OData support (`$filter`, `$orderby`, `$top`, `$skip`). This client currently uses only the business-level endpoint.
 
 **`EHLeaveRequestOptions`:**
 
@@ -136,10 +129,6 @@ Returns leave requests with all filters applied server-side. Unlike paginated en
 | `leaveCategoryId` | `number` | Filter by leave category ID |
 | `locationId` | `number` | Filter by location ID |
 
-### `getEmployeeDetailsReport()`
-
-Returns all employees with the requested columns in a single API call. The response is dynamic — field keys depend on `selectedColumns`. Results are cached with `employeeDetailsReportTtl` (default: 2 min).
-
 ### `getRosterShifts()`
 
 Automatically paginates through all results (100 per page). Returns the complete set of roster shifts for the requested date range. All filter options are applied server-side, reducing the number of results and pages fetched.
@@ -168,7 +157,7 @@ const client = new EHClient({
 });
 ```
 
-`EHConfig` extends `ClientConfig` from api-core, which provides the `baseUrl`, `onRequest`, `retry`, and `cacheInstance` fields. `apiKey`, `businessId`, `region`, `cache`, and `rateLimitPerSecond` are EH-specific. Pass `cacheInstance` to use a custom cache backend (e.g., `LayeredCache` with persistent stores); otherwise `cache: {}` creates an in-memory `TTLCache`. PII data (`includePii: true`) automatically skips persistent stores.
+`EHConfig` extends `ClientConfig` from api-core, which provides the `baseUrl`, `onRequest`, `retry`, and `cacheInstance` fields. `apiKey`, `businessId`, `region`, `cache`, and `rateLimitPerSecond` are EH-specific. Pass `cacheInstance` to use a custom cache backend (e.g., `LayeredCache` with persistent stores); otherwise `cache: {}` creates an in-memory `TTLCache`. Set `persistRestricted: false` to keep restricted-tier data in memory only.
 
 ### Cache TTLs
 
@@ -182,10 +171,8 @@ const client = new EHClient({
 | Leave requests | 2 min |
 | Kiosks | 5 min |
 | Kiosk staff | 1 min |
-| Report fields | 10 min |
-| Employee details report | 2 min |
 
-Failed API results (`ok: false`) are never cached — transient errors won't persist for the full TTL. See the [root README Cache System section](../../README.md#cache-system) for the full cache architecture (layered stores, PII handling, request coalescing).
+Failed API results (`ok: false`) are never cached — transient errors won't persist for the full TTL. See the [root README Cache System section](../../README.md#cache-system) for the full cache architecture (layered stores, restricted data handling, request coalescing).
 
 ### Rate Limiting
 

package/dist/client.d.ts

@@ -6,7 +6,7 @@
  *
  * @see https://api.keypay.com.au/
  */
-import type { EHConfig, EHLeaveRequest, EHLeaveRequestOptions, EHEmployeeOptions, EHSingleEmployeeOptions, EHStandardHours, EHLocation, EHEmployeeGroup, EHRosterShift, EHRosterShiftOptions, EHKiosk, EHKioskEmployee, EHKioskStaffOptions, EHReportField, EHEmployeeDetailsReportOptions } from './types.js';
+import type { EHConfig, EHLeaveRequest, EHLeaveRequestOptions, EHEmployeeOptions, EHStandardHours, EHLocation, EHEmployeeGroup, EHRosterShift, EHRosterShiftOptions, EHKiosk, EHKioskEmployee, EHKioskStaffOptions } from './types.js';
 import type { EHAuEmployee } from './employee-types.generated.js';
 import type { Result } from '@markwharton/api-core';
 /**
@@ -32,7 +32,10 @@ export declare class EHClient {
     private readonly cacheTtl;
     private readonly retryConfig?;
     private readonly rateLimiter?;
+    private readonly persistRestricted;
     constructor(config: EHConfig);
+    /** Cache options for restricted-tier methods: skip persistent stores when persistRestricted is false. */
+    private get restrictedPersistOpt();
     /**
      * Route through cache if enabled, otherwise call factory directly.
      * Failed Results (ok === false) are never cached — transient errors
@@ -90,7 +93,7 @@ export declare class EHClient {
     /**
      * Get a single employee by ID
      */
-    getEmployee(employeeId: number, options?: EHSingleEmployeeOptions): Promise<Result<EHAuEmployee>>;
+    getEmployee(employeeId: number): Promise<Result<EHAuEmployee>>;
     /**
      * Get standard hours for an employee (includes FTE value)
      */
@@ -122,18 +125,4 @@ export declare class EHClient {
      * @param options - Optional query parameters
      */
     getKioskStaff(kioskId: number, options?: EHKioskStaffOptions): Promise<Result<EHKioskEmployee[]>>;
-    /**
-     * Get available fields for the Employee Details Report
-     *
-     * Returns the list of columns that can be requested via getEmployeeDetailsReport().
-     * Use this to discover what data is available for the business.
-     */
-    getReportFields(): Promise<Result<EHReportField[]>>;
-    /**
-     * Get Employee Details Report
-     *
-     * Returns all employees with the requested columns in a single API call.
-     * The response is dynamic (JObject[]) — field keys depend on selectedColumns.
-     */
-    getEmployeeDetailsReport(options?: EHEmployeeDetailsReportOptions): Promise<Result<Record<string, unknown>[]>>;
 }

package/dist/client.js

@@ -6,7 +6,7 @@
  *
  * @see https://api.keypay.com.au/
  */
-import { AU_EMPLOYEE_OPERATIONAL_FIELDS, AU_EMPLOYEE_FIELDS, LEAVE_REQUEST_FIELDS, LOCATION_FIELDS, EMPLOYEE_GROUP_FIELDS, ROSTER_SHIFT_FIELDS, KIOSK_FIELDS, KIOSK_EMPLOYEE_FIELDS, } from './types.js';
+import { AU_EMPLOYEE_FIELDS, LEAVE_REQUEST_FIELDS, LOCATION_FIELDS, EMPLOYEE_GROUP_FIELDS, ROSTER_SHIFT_FIELDS, KIOSK_FIELDS, KIOSK_EMPLOYEE_FIELDS, } from './types.js';
 import { buildBasicAuthHeader } from './utils.js';
 import { parseEHPayrollErrorResponse } from './errors.js';
 import { EH_API_BASE, EH_REGION_URLS } from './constants.js';
@@ -49,8 +49,6 @@ export class EHClient {
             rosterShiftsTtl: config.cache?.rosterShiftsTtl ?? 120000,
             kiosksTtl: config.cache?.kiosksTtl ?? 300000,
             kioskStaffTtl: config.cache?.kioskStaffTtl ?? 60000,
-            reportFieldsTtl: config.cache?.reportFieldsTtl ?? 600000,
-            employeeDetailsReportTtl: config.cache?.employeeDetailsReportTtl ?? 120000,
         };
         // Initialize retry config with defaults if provided
         this.retryConfig = resolveRetryConfig(config.retry);
@@ -59,6 +57,11 @@ export class EHClient {
         if (rateLimitPerSecond > 0) {
             this.rateLimiter = new RateLimiter(rateLimitPerSecond);
         }
+        this.persistRestricted = config.persistRestricted ?? true;
+    }
+    /** Cache options for restricted-tier methods: skip persistent stores when persistRestricted is false. */
+    get restrictedPersistOpt() {
+        return this.persistRestricted ? undefined : { persist: false };
     }
     /**
      * Route through cache if enabled, otherwise call factory directly.
@@ -240,7 +243,7 @@ export class EHClient {
                 return (await r.json())
                     .map(item => pickFields(item, LEAVE_REQUEST_FIELDS));
             });
-        });
+        }, this.restrictedPersistOpt);
     }
     // ============================================================================
     // Employees
@@ -249,16 +252,12 @@ export class EHClient {
      * Get all employees (unstructured format)
      */
     async getEmployees(options) {
-        const fields = options?.includePii ? AU_EMPLOYEE_FIELDS : AU_EMPLOYEE_OPERATIONAL_FIELDS;
         const parts = ['employees'];
         if (options?.payScheduleId != null)
             parts.push(`ps:${options.payScheduleId}`);
         if (options?.locationId != null)
             parts.push(`loc:${options.locationId}`);
-        if (options?.includePii)
-            parts.push('pii');
         const cacheKey = parts.join(':');
-        const persistOpt = options?.includePii ? { persist: false } : undefined;
         return this.cached(cacheKey, this.cacheTtl.employeesTtl, () => {
             const params = new URLSearchParams();
             if (options?.payScheduleId != null)
@@ -269,22 +268,19 @@ export class EHClient {
             return this.fetchPaginated((skip) => {
                 params.set('$skip', String(skip));
                 return `${this.baseUrl}/business/${this.businessId}/employee/unstructured?${params}`;
-            }, fields);
-        }, persistOpt);
+            }, AU_EMPLOYEE_FIELDS);
+        }, this.restrictedPersistOpt);
     }
     /**
      * Get a single employee by ID
      */
-    async getEmployee(employeeId, options) {
-        const fields = options?.includePii ? AU_EMPLOYEE_FIELDS : AU_EMPLOYEE_OPERATIONAL_FIELDS;
-        const cacheKey = options?.includePii ? `employee:${employeeId}:pii` : `employee:${employeeId}`;
-        const persistOpt = options?.includePii ? { persist: false } : undefined;
-        return this.cached(cacheKey, this.cacheTtl.employeesTtl, async () => {
+    async getEmployee(employeeId) {
+        return this.cached(`employee:${employeeId}`, this.cacheTtl.employeesTtl, async () => {
             const url = `${this.baseUrl}/business/${this.businessId}/employee/unstructured/${employeeId}`;
             return this.fetchAndParse(url, async (r) => {
-                return pickFields(await r.json(), fields);
+                return pickFields(await r.json(), AU_EMPLOYEE_FIELDS);
             });
-        }, persistOpt);
+        }, this.restrictedPersistOpt);
     }
     // ============================================================================
     // Standard Hours
@@ -298,7 +294,7 @@ export class EHClient {
             return this.fetchAndParse(url, async (r) => {
                 return await r.json();
             }, { description: `Get standard hours for employee ${employeeId}` });
-        });
+        }, this.restrictedPersistOpt);
     }
     // ============================================================================
     // Locations
@@ -450,61 +446,4 @@ export class EHClient {
             });
         });
     }
-    // ============================================================================
-    // Employee Details Report
-    // ============================================================================
-    /**
-     * Get available fields for the Employee Details Report
-     *
-     * Returns the list of columns that can be requested via getEmployeeDetailsReport().
-     * Use this to discover what data is available for the business.
-     */
-    async getReportFields() {
-        return this.cached('reportfields', this.cacheTtl.reportFieldsTtl, async () => {
-            const url = `${this.baseUrl}/business/${this.businessId}/report/employeedetails/fields`;
-            return this.fetchAndParse(url, async (r) => {
-                return await r.json();
-            });
-        });
-    }
-    /**
-     * Get Employee Details Report
-     *
-     * Returns all employees with the requested columns in a single API call.
-     * The response is dynamic (JObject[]) — field keys depend on selectedColumns.
-     */
-    async getEmployeeDetailsReport(options) {
-        const parts = ['report:employeedetails'];
-        if (options?.selectedColumns?.length)
-            parts.push(`cols:${options.selectedColumns.join(',')}`);
-        if (options?.locationId != null)
-            parts.push(`loc:${options.locationId}`);
-        if (options?.employingEntityId != null)
-            parts.push(`ee:${options.employingEntityId}`);
-        if (options?.includeActive != null)
-            parts.push(`a:${options.includeActive}`);
-        if (options?.includeInactive != null)
-            parts.push(`i:${options.includeInactive}`);
-        const cacheKey = parts.join(':');
-        return this.cached(cacheKey, this.cacheTtl.employeeDetailsReportTtl, async () => {
-            const params = new URLSearchParams();
-            if (options?.selectedColumns) {
-                for (const col of options.selectedColumns) {
-                    params.append('selectedColumns', col);
-                }
-            }
-            if (options?.locationId != null)
-                params.set('locationId', String(options.locationId));
-            if (options?.employingEntityId != null)
-                params.set('employingEntityId', String(options.employingEntityId));
-            if (options?.includeActive != null)
-                params.set('includeActive', String(options.includeActive));
-            if (options?.includeInactive != null)
-                params.set('includeInactive', String(options.includeInactive));
-            const url = this.businessUrl('report/employeedetails', params);
-            return this.fetchAndParse(url, async (r) => {
-                return await r.json();
-            });
-        });
-    }
 }

package/dist/index.d.ts

@@ -20,8 +20,10 @@
  * ```
  */
 export { EHClient } from './client.js';
-export type { EHConfig, EHCacheConfig, EHRetryConfig, EHLeaveRequest, EHLeaveRequestOptions, EHLeaveRequestStatus, EHEmployee, EHEmployeeOptions, EHSingleEmployeeOptions, EHStandardHours, EHLocation, EHEmployeeGroup, EHRosterShift, EHRosterShiftOptions, EHAttendanceStatus, EHKiosk, EHKioskEmployee, EHKioskStaffOptions, EHReportField, EHEmployeeDetailsReportOptions, } from './types.js';
-export { AU_EMPLOYEE_OPERATIONAL_FIELDS, AU_EMPLOYEE_PII_FIELDS, AU_EMPLOYEE_FIELDS, LEAVE_REQUEST_FIELDS, LOCATION_FIELDS, EMPLOYEE_GROUP_FIELDS, ROSTER_SHIFT_FIELDS, KIOSK_FIELDS, KIOSK_EMPLOYEE_FIELDS, } from './types.js';
+export type { EHConfig, EHCacheConfig, EHRetryConfig, EHLeaveRequest, EHLeaveRequestOptions, EHLeaveRequestStatus, EHEmployee, EHEmployeeOptions, EHStandardHours, EHLocation, EHEmployeeGroup, EHRosterShift, EHRosterShiftOptions, EHAttendanceStatus, EHKiosk, EHKioskEmployee, EHKioskStaffOptions, } from './types.js';
+export { AU_EMPLOYEE_FIELDS, LEAVE_REQUEST_FIELDS, LOCATION_FIELDS, EMPLOYEE_GROUP_FIELDS, ROSTER_SHIFT_FIELDS, KIOSK_FIELDS, KIOSK_EMPLOYEE_FIELDS, } from './types.js';
+export type { AccessTier } from './types.js';
+export { METHOD_TIERS } from './types.js';
 export type { EHAuEmployee } from './employee-types.generated.js';
 export { buildBasicAuthHeader } from './utils.js';
 export { ok, err, getErrorMessage, pickFields, RateLimiter, TTLCache, MemoryCacheStore, LayeredCache } from '@markwharton/api-core';

package/dist/index.js

@@ -22,7 +22,8 @@
 // Main client
 export { EHClient } from './client.js';
 // Field key constants (whitelists for pickFields)
-export { AU_EMPLOYEE_OPERATIONAL_FIELDS, AU_EMPLOYEE_PII_FIELDS, AU_EMPLOYEE_FIELDS, LEAVE_REQUEST_FIELDS, LOCATION_FIELDS, EMPLOYEE_GROUP_FIELDS, ROSTER_SHIFT_FIELDS, KIOSK_FIELDS, KIOSK_EMPLOYEE_FIELDS, } from './types.js';
+export { AU_EMPLOYEE_FIELDS, LEAVE_REQUEST_FIELDS, LOCATION_FIELDS, EMPLOYEE_GROUP_FIELDS, ROSTER_SHIFT_FIELDS, KIOSK_FIELDS, KIOSK_EMPLOYEE_FIELDS, } from './types.js';
+export { METHOD_TIERS } from './types.js';
 // Utilities
 export { buildBasicAuthHeader } from './utils.js';
 // Re-exported from @markwharton/api-core

package/dist/types.d.ts

@@ -29,10 +29,6 @@ export interface EHCacheConfig {
     kiosksTtl?: number;
     /** TTL for kiosk staff (default: 60000 = 1 min) */
     kioskStaffTtl?: number;
-    /** TTL for report fields (default: 600000 = 10 min) */
-    reportFieldsTtl?: number;
-    /** TTL for employee details report (default: 120000 = 2 min) */
-    employeeDetailsReportTtl?: number;
 }
 /** @deprecated Use `RetryConfig` from `@markwharton/api-core` directly. */
 export type EHRetryConfig = RetryConfig;
@@ -50,6 +46,8 @@ export interface EHConfig extends ClientConfig {
     cache?: EHCacheConfig;
     /** Max requests per second (default: 5 per API spec). Set 0 to disable. */
     rateLimitPerSecond?: number;
+    /** Whether to persist restricted-tier data in persistent cache stores (default: true). Set false to keep restricted data in memory only. */
+    persistRestricted?: boolean;
 }
 /**
  * Employee from unstructured endpoint
@@ -235,15 +233,6 @@ export interface EHEmployeeOptions {
     payScheduleId?: number;
     /** Filter by location ID */
     locationId?: number;
-    /** Include PII fields (default: false — operational fields only) */
-    includePii?: boolean;
-}
-/**
- * Options for getEmployee (single)
- */
-export interface EHSingleEmployeeOptions {
-    /** Include PII fields (default: false — operational fields only) */
-    includePii?: boolean;
 }
 /**
  * Options for getRosterShifts
@@ -320,32 +309,6 @@ export interface EHKioskStaffOptions {
     /** Restrict current shifts to current kiosk location (default: false) */
     restrictCurrentShiftsToCurrentKioskLocation?: boolean;
 }
-/**
- * Available field for the Employee Details Report
- *
- * From GET /business/{id}/report/employeedetails/fields
- */
-export interface EHReportField {
-    /** Field identifier (used in selectedColumns) */
-    value: string;
-    /** Human-readable field name */
-    displayText: string;
-}
-/**
- * Options for getEmployeeDetailsReport
- */
-export interface EHEmployeeDetailsReportOptions {
-    /** Column names to include in the report */
-    selectedColumns?: string[];
-    /** Filter by location ID */
-    locationId?: number;
-    /** Filter by employing entity ID */
-    employingEntityId?: number;
-    /** Include active employees (default: true) */
-    includeActive?: boolean;
-    /** Include inactive employees (default: false) */
-    includeInactive?: boolean;
-}
 /** Whitelisted fields for EHLeaveRequest */
 export declare const LEAVE_REQUEST_FIELDS: readonly ["id", "employeeId", "leaveCategoryId", "employee", "leaveCategory", "fromDate", "toDate", "totalHours", "hoursApplied", "notes", "status"];
 /** Whitelisted fields for EHLocation */
@@ -358,15 +321,15 @@ export declare const KIOSK_EMPLOYEE_FIELDS: readonly ["employeeId", "firstName",
 export declare const EMPLOYEE_GROUP_FIELDS: readonly ["id", "name"];
 /** Whitelisted fields for EHRosterShift */
 export declare const ROSTER_SHIFT_FIELDS: readonly ["id", "employeeId", "employeeName", "locationId", "locationName", "workTypeId", "workTypeName", "startTime", "endTime", "notes", "published", "accepted"];
+/** Whitelisted fields for EHAuEmployee (139 fields) */
+export declare const AU_EMPLOYEE_FIELDS: readonly ["id", "externalId", "firstName", "surname", "status", "startDate", "endDate", "anniversaryDate", "dateCreated", "employmentType", "jobTitle", "employmentAgreement", "employmentAgreementId", "paySchedule", "payRateTemplate", "rate", "rateUnit", "hoursPerWeek", "hoursPerDay", "primaryPayCategory", "payConditionRuleSet", "overrideTemplateRate", "automaticallyPayEmployee", "primaryLocation", "locations", "tags", "workTypes", "reportingDimensionValues", "leaveAccrualStartDateType", "leaveTemplate", "leaveYearStart", "isEnabledForTimesheets", "rosteringNotificationChoices", "paySlipNotificationType", "terminationReason", "australianResident", "awardId", "businessAwardPackage", "automaticallyApplyPublicHolidayNotWorkedEarningsLines", "closelyHeldEmployee", "closelyHeldReporting", "disableAutoProgression", "dvlPaySlipDescription", "employingEntityId", "includeInPortableLongServiceLeaveReport", "portableLongServiceLeaveId", "isExemptFromFloodLevy", "isExemptFromPayrollTax", "isSeasonalWorker", "maximumQuarterlySuperContributionsBase", "superThresholdAmount", "singleTouchPayroll", "dateOfBirth", "gender", "title", "middleName", "preferredName", "previousSurname", "emailAddress", "homePhone", "mobilePhone", "workPhone", "bankAccount1_AccountName", "bankAccount1_AccountNumber", "bankAccount1_AllocatedPercentage", "bankAccount1_BSB", "bankAccount1_FixedAmount", "bankAccount2_AccountName", "bankAccount2_AccountNumber", "bankAccount2_AllocatedPercentage", "bankAccount2_BSB", "bankAccount2_FixedAmount", "bankAccount3_AccountName", "bankAccount3_AccountNumber", "bankAccount3_AllocatedPercentage", "bankAccount3_BSB", "bankAccount3_FixedAmount", "emergencyContact1_Address", "emergencyContact1_AlternateContactNumber", "emergencyContact1_ContactNumber", "emergencyContact1_Name", "emergencyContact1_Relationship", "emergencyContact2_Address", "emergencyContact2_AlternateContactNumber", "emergencyContact2_ContactNumber", "emergencyContact2_Name", "emergencyContact2_Relationship", "postalStreetAddress", "postalAddressLine2", "postalPostCode", "postalCountry", "postalState", "postalSuburb", "postalAddressIsOverseas", "residentialStreetAddress", "residentialAddressLine2", "residentialPostCode", "residentialCountry", "residentialState", "residentialSuburb", "residentialAddressIsOverseas", "taxFileNumber", "taxCategory", "taxVariation", "claimTaxFreeThreshold", "claimMedicareLevyReduction", "medicareLevyExemption", "medicareLevyReductionDependentCount", "medicareLevyReductionSpouse", "medicareLevySurchargeWithholdingTier", "seniorsTaxOffset", "otherTaxOffset", "stslDebt", "hasWithholdingVariation", "dateTaxFileDeclarationReported", "dateTaxFileDeclarationSigned", "superFund1_AllocatedPercentage", "superFund1_EmployerNominatedFund", "superFund1_FixedAmount", "superFund1_FundName", "superFund1_MemberNumber", "superFund1_ProductCode", "superFund2_AllocatedPercentage", "superFund2_EmployerNominatedFund", "superFund2_FixedAmount", "superFund2_FundName", "superFund2_MemberNumber", "superFund2_ProductCode", "superFund3_AllocatedPercentage", "superFund3_EmployerNominatedFund", "superFund3_FixedAmount", "superFund3_FundName", "superFund3_MemberNumber", "superFund3_ProductCode", "contractorABN", "employingEntityABN", "hasApprovedWorkingHolidayVisa", "workingHolidayVisaCountry", "workingHolidayVisaStartDate"];
+/** Access tier for method-level authorization */
+export type AccessTier = 'standard' | 'restricted';
 /**
- * Operational fields for EHAuEmployee (52 fields)
- * Identity, employment structure, pay config, scheduling, leave, AU compliance.
- */
-export declare const AU_EMPLOYEE_OPERATIONAL_FIELDS: readonly ["id", "externalId", "firstName", "surname", "status", "startDate", "endDate", "anniversaryDate", "dateCreated", "employmentType", "jobTitle", "employmentAgreement", "employmentAgreementId", "paySchedule", "payRateTemplate", "rate", "rateUnit", "hoursPerWeek", "hoursPerDay", "primaryPayCategory", "payConditionRuleSet", "overrideTemplateRate", "automaticallyPayEmployee", "primaryLocation", "locations", "tags", "workTypes", "reportingDimensionValues", "leaveAccrualStartDateType", "leaveTemplate", "leaveYearStart", "isEnabledForTimesheets", "rosteringNotificationChoices", "paySlipNotificationType", "terminationReason", "australianResident", "awardId", "businessAwardPackage", "automaticallyApplyPublicHolidayNotWorkedEarningsLines", "closelyHeldEmployee", "closelyHeldReporting", "disableAutoProgression", "dvlPaySlipDescription", "employingEntityId", "includeInPortableLongServiceLeaveReport", "portableLongServiceLeaveId", "isExemptFromFloodLevy", "isExemptFromPayrollTax", "isSeasonalWorker", "maximumQuarterlySuperContributionsBase", "superThresholdAmount", "singleTouchPayroll"];
-/**
- * PII fields for EHAuEmployee (87 fields)
- * Personal data, contact info, bank accounts, addresses, tax, super, emergency contacts.
+ * Access tier for each data method.
+ *
+ * Standard: operational data (locations, groups, kiosks, roster shifts).
+ * Restricted: employee-level data (employees, standard hours, leave requests).
+ * Utility methods (validate, clear, invalidate) are not included.
  */
-export declare const AU_EMPLOYEE_PII_FIELDS: readonly ["dateOfBirth", "gender", "title", "middleName", "preferredName", "previousSurname", "emailAddress", "homePhone", "mobilePhone", "workPhone", "bankAccount1_AccountName", "bankAccount1_AccountNumber", "bankAccount1_AllocatedPercentage", "bankAccount1_BSB", "bankAccount1_FixedAmount", "bankAccount2_AccountName", "bankAccount2_AccountNumber", "bankAccount2_AllocatedPercentage", "bankAccount2_BSB", "bankAccount2_FixedAmount", "bankAccount3_AccountName", "bankAccount3_AccountNumber", "bankAccount3_AllocatedPercentage", "bankAccount3_BSB", "bankAccount3_FixedAmount", "emergencyContact1_Address", "emergencyContact1_AlternateContactNumber", "emergencyContact1_ContactNumber", "emergencyContact1_Name", "emergencyContact1_Relationship", "emergencyContact2_Address", "emergencyContact2_AlternateContactNumber", "emergencyContact2_ContactNumber", "emergencyContact2_Name", "emergencyContact2_Relationship", "postalStreetAddress", "postalAddressLine2", "postalPostCode", "postalCountry", "postalState", "postalSuburb", "postalAddressIsOverseas", "residentialStreetAddress", "residentialAddressLine2", "residentialPostCode", "residentialCountry", "residentialState", "residentialSuburb", "residentialAddressIsOverseas", "taxFileNumber", "taxCategory", "taxVariation", "claimTaxFreeThreshold", "claimMedicareLevyReduction", "medicareLevyExemption", "medicareLevyReductionDependentCount", "medicareLevyReductionSpouse", "medicareLevySurchargeWithholdingTier", "seniorsTaxOffset", "otherTaxOffset", "stslDebt", "hasWithholdingVariation", "dateTaxFileDeclarationReported", "dateTaxFileDeclarationSigned", "superFund1_AllocatedPercentage", "superFund1_EmployerNominatedFund", "superFund1_FixedAmount", "superFund1_FundName", "superFund1_MemberNumber", "superFund1_ProductCode", "superFund2_AllocatedPercentage", "superFund2_EmployerNominatedFund", "superFund2_FixedAmount", "superFund2_FundName", "superFund2_MemberNumber", "superFund2_ProductCode", "superFund3_AllocatedPercentage", "superFund3_EmployerNominatedFund", "superFund3_FixedAmount", "superFund3_FundName", "superFund3_MemberNumber", "superFund3_ProductCode", "contractorABN", "employingEntityABN", "hasApprovedWorkingHolidayVisa", "workingHolidayVisaCountry", "workingHolidayVisaStartDate"];
-/** All whitelisted fields for EHAuEmployee (operational + PII) */
-export declare const AU_EMPLOYEE_FIELDS: readonly ["id", "externalId", "firstName", "surname", "status", "startDate", "endDate", "anniversaryDate", "dateCreated", "employmentType", "jobTitle", "employmentAgreement", "employmentAgreementId", "paySchedule", "payRateTemplate", "rate", "rateUnit", "hoursPerWeek", "hoursPerDay", "primaryPayCategory", "payConditionRuleSet", "overrideTemplateRate", "automaticallyPayEmployee", "primaryLocation", "locations", "tags", "workTypes", "reportingDimensionValues", "leaveAccrualStartDateType", "leaveTemplate", "leaveYearStart", "isEnabledForTimesheets", "rosteringNotificationChoices", "paySlipNotificationType", "terminationReason", "australianResident", "awardId", "businessAwardPackage", "automaticallyApplyPublicHolidayNotWorkedEarningsLines", "closelyHeldEmployee", "closelyHeldReporting", "disableAutoProgression", "dvlPaySlipDescription", "employingEntityId", "includeInPortableLongServiceLeaveReport", "portableLongServiceLeaveId", "isExemptFromFloodLevy", "isExemptFromPayrollTax", "isSeasonalWorker", "maximumQuarterlySuperContributionsBase", "superThresholdAmount", "singleTouchPayroll", "dateOfBirth", "gender", "title", "middleName", "preferredName", "previousSurname", "emailAddress", "homePhone", "mobilePhone", "workPhone", "bankAccount1_AccountName", "bankAccount1_AccountNumber", "bankAccount1_AllocatedPercentage", "bankAccount1_BSB", "bankAccount1_FixedAmount", "bankAccount2_AccountName", "bankAccount2_AccountNumber", "bankAccount2_AllocatedPercentage", "bankAccount2_BSB", "bankAccount2_FixedAmount", "bankAccount3_AccountName", "bankAccount3_AccountNumber", "bankAccount3_AllocatedPercentage", "bankAccount3_BSB", "bankAccount3_FixedAmount", "emergencyContact1_Address", "emergencyContact1_AlternateContactNumber", "emergencyContact1_ContactNumber", "emergencyContact1_Name", "emergencyContact1_Relationship", "emergencyContact2_Address", "emergencyContact2_AlternateContactNumber", "emergencyContact2_ContactNumber", "emergencyContact2_Name", "emergencyContact2_Relationship", "postalStreetAddress", "postalAddressLine2", "postalPostCode", "postalCountry", "postalState", "postalSuburb", "postalAddressIsOverseas", "residentialStreetAddress", "residentialAddressLine2", "residentialPostCode", "residentialCountry", "residentialState", "residentialSuburb", "residentialAddressIsOverseas", "taxFileNumber", "taxCategory", "taxVariation", "claimTaxFreeThreshold", "claimMedicareLevyReduction", "medicareLevyExemption", "medicareLevyReductionDependentCount", "medicareLevyReductionSpouse", "medicareLevySurchargeWithholdingTier", "seniorsTaxOffset", "otherTaxOffset", "stslDebt", "hasWithholdingVariation", "dateTaxFileDeclarationReported", "dateTaxFileDeclarationSigned", "superFund1_AllocatedPercentage", "superFund1_EmployerNominatedFund", "superFund1_FixedAmount", "superFund1_FundName", "superFund1_MemberNumber", "superFund1_ProductCode", "superFund2_AllocatedPercentage", "superFund2_EmployerNominatedFund", "superFund2_FixedAmount", "superFund2_FundName", "superFund2_MemberNumber", "superFund2_ProductCode", "superFund3_AllocatedPercentage", "superFund3_EmployerNominatedFund", "superFund3_FixedAmount", "superFund3_FundName", "superFund3_MemberNumber", "superFund3_ProductCode", "contractorABN", "employingEntityABN", "hasApprovedWorkingHolidayVisa", "workingHolidayVisaCountry", "workingHolidayVisaStartDate"];
+export declare const METHOD_TIERS: Record<string, AccessTier>;

package/dist/types.js

@@ -41,11 +41,8 @@ export const ROSTER_SHIFT_FIELDS = [
     'workTypeId', 'workTypeName', 'startTime', 'endTime',
     'notes', 'published', 'accepted',
 ];
-/**
- * Operational fields for EHAuEmployee (52 fields)
- * Identity, employment structure, pay config, scheduling, leave, AU compliance.
- */
-export const AU_EMPLOYEE_OPERATIONAL_FIELDS = [
+/** Whitelisted fields for EHAuEmployee (139 fields) */
+export const AU_EMPLOYEE_FIELDS = [
     // Identity
     'id', 'externalId', 'firstName', 'surname', 'status',
     // Dates
@@ -71,12 +68,6 @@ export const AU_EMPLOYEE_OPERATIONAL_FIELDS = [
     'isExemptFromFloodLevy', 'isExemptFromPayrollTax', 'isSeasonalWorker',
     'maximumQuarterlySuperContributionsBase', 'superThresholdAmount',
     'singleTouchPayroll',
-];
-/**
- * PII fields for EHAuEmployee (87 fields)
- * Personal data, contact info, bank accounts, addresses, tax, super, emergency contacts.
- */
-export const AU_EMPLOYEE_PII_FIELDS = [
     // Personal
     'dateOfBirth', 'gender', 'title', 'middleName', 'preferredName', 'previousSurname',
     // Contact
@@ -118,8 +109,21 @@ export const AU_EMPLOYEE_PII_FIELDS = [
     // Visa
     'hasApprovedWorkingHolidayVisa', 'workingHolidayVisaCountry', 'workingHolidayVisaStartDate',
 ];
-/** All whitelisted fields for EHAuEmployee (operational + PII) */
-export const AU_EMPLOYEE_FIELDS = [
-    ...AU_EMPLOYEE_OPERATIONAL_FIELDS,
-    ...AU_EMPLOYEE_PII_FIELDS,
-];
+/**
+ * Access tier for each data method.
+ *
+ * Standard: operational data (locations, groups, kiosks, roster shifts).
+ * Restricted: employee-level data (employees, standard hours, leave requests).
+ * Utility methods (validate, clear, invalidate) are not included.
+ */
+export const METHOD_TIERS = {
+    getLocations: 'standard',
+    getEmployeeGroups: 'standard',
+    getKiosks: 'standard',
+    getKioskStaff: 'standard',
+    getRosterShifts: 'standard',
+    getEmployees: 'restricted',
+    getLeaveRequests: 'restricted',
+    getEmployee: 'restricted',
+    getStandardHours: 'restricted',
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@markwharton/eh-payroll",
-  "version": "2.3.0",
+  "version": "2.5.0",
   "description": "Employment Hero Payroll API client",
   "type": "module",
   "main": "dist/index.js",