by parkerconrad 4025 days ago
ADP has for years, and still does, allow bookkeepers, accountants, and HR services firms similar to Zenefits to access client accounts via 3rd-party administrative logins that clients themselves set up in their payroll.

The way this works is that you, as an ADP client, call them up and say "hey, I've asked my HR firm, XYZ-HR, to manage my payroll. Can you create an account for them to access my payroll system?" ADP creates this account, and XYZ-HR then handles all the payroll admin work going forward -- adding employees, terming them, inputting hours worked, managing deductions, etc.

This is how this has worked for years, and it's how thousands of companies do this via ADP. Even today, as an ADP RUN client, you can call in and add any third-party person you want as an admin to your payroll system -- as long as it's not Zenefits. ADP has marketing materials that describe this feature, both for companies and HR / bookkeeping / accounting firms. This is how Zenefits was accessing clients' payroll, and doing so in order to take on all the administrative work related to payroll that you don't want to handle. We weren't "hacking" anything. We were doing this at our customers' request, with their full knowledge of what we were doing, and ADP set up these accounts with @zenefits.com email addresses, knowing it was Zenefits.

There is nothing improper about how we were doing this.

3 comments

> There is nothing improper about how we were doing this.

You were automating it, weren't you?

With bookkeepers, accountants, etc. the login and work done on the system was manual. It was an actual person doing it.

In your case, a computer is doing it instead.

Virtually every site out there, from Facebook to Twitter, prohibits the use of bots and scraping. Not surprising ADP isn't a fan.

What is surprising is that you feel you're entitled to access their system however you want? It's their system. If they want to prohibit bots and allow only people, that's their biz. If you think ADP is full of it, create your own system with a public API and put them out of business.

> you can call in and add any third-party person you want as an admin to your payroll system

So they will create an admin account for a person - a single, human individual.

> In addition, Zenefits’ method of extracting data from ADP’s RUN system via “screen-scraping” put excessive demands on ADP’s servers, potentially impacting service delivery to the entire client base.[1]

If you weren't using the API, and instead were having a machine log in to access the data, that is pretty much the definition of scraping. There is a difference between a person using an admin account set up for them to log in and perform a certain set of actions and hundreds of accounts set up for the purposes of continual automated logins.

How many requests did you make? Do you rate-limit your queries to the rate of a human being (maybe 1 click every couple of seconds)? Do you only log in to one or two accounts at a time?

I still don't see a valid reason why any company (big or small) should have to invest resources in supporting a third-party that wants to use its data in an unsupported manner. Of course you can argue that they allowed it in the past, but an entire business shouldn't rely on unsupported access to something without the assumption that it could disappear at any minute.

[1] http://techcrunch.com/2015/06/10/adp-sues-zenefits-for-defam...

Parker, when are you going to do another ADP post on the Zenefits blog that contains more information on the email that was forwarded to you? I think it could be helpful if you included the screenshots and additional materials the ADP sales rep mentioned. If that was not included in the email, then it seems like that rep knew you would get that email, and you were just baited.