All of the data requests we make to Workday are in the form of SOAP requests, except for Time Off data. Workday only supports the full breadth of Time Off data through their REST API, which requires a different set of credentials (OAuth).

We don't currently ask users to input these additional credentials in Merge Link, so the setup has to be done on our end after sending over your credentials via a secure link. We'll need a few things, outlined below:

1. Follow our main Workday guide with one minor difference:

This section of the main guide says to enable GET access to the list of domains. To access Time Off data, you will need both GET and View Access to the Time Off domains.

Here are the minimum set of domains you will need enabled:

Operation

Domain Security Policy

Get Only

Worker Data: Current Staffing Information

Get Only

Worker Data: Public Worker Reports

View Only

Worker Data: Public Worker Reports

Get Only

Worker Data: Time Off

View Only

Worker Data: Time Off

Get Only

Worker Data: Time Off (Time Off)

View Only

Worker Data: Time Off (Time Off)

Get Only

Worker Data: Time Off (Time Off Balances Manager View)

View Only

Worker Data: Time Off (Time Off Balances Manager View)

Get Only

Worker Data: Time Off (Time Off Balances)

View Only

Worker Data: Time Off (Time Off Balances)

Get Only

Worker Data: Time Off (Time Off Manager View)

View Only

Worker Data: Time Off (Time Off Manager View)

Once you have finished the main guide, the steps below will guide you in creating an API Client that we can use to access the Time Off data.

2. Find your Token Endpoint URL

  1. Log in to the Workday tenant.

  2. In the Search field, type View API Client.

  3. Select the View API Clients task.

  4. On the View API Clients page, save the URL in the Token Endpoint field.

3. Create a new API Client for Integrations

  1. In the Search field, type Register api client for integrations.

  2. Select the Register API Client for integrations task.

  3. On the Register API client for Integrations page, in the Client Name field, enter the client name.

  4. Select the Non-Expiring Refresh Tokens option.

  5. In the Scope (Functional Areas) field, select:

    1. Tenant Non-Configurable

    2. Staffing

    3. Time Off and Leave

  6. Click OK.

    The client ID and client secret are displayed.

  7. Save the Client Secret and Client ID.

  8. Click Done

4. Generate a non-expiring Refresh Token

  1. In the Search field, type View API client.

  2. Select the View API Clients task.

  3. On the View API Clients page, click the API Clients for Integrations tab.

  4. Click the client you created in Create a new API Client for Integrations.

  5. Click API Client > Manage Refresh Tokens for Integrations.

  6. On the Manage Refresh Tokens for Integrations page, in the Workday Account field, enter the Workday account of a user who has access to the custom report.

    Set up the user as a service account instead of an actual Workday user to prevent permissions being removed from the account due to a job change.

  7. Click OK.

  8. Return to the Workday home page.

  9. In the Search field, type Register api client for integration.

  10. On the Delete or Regenerate Refresh Token page, select the Generate New Refresh Token option.

  11. Click OK.

  12. On the Successfully Regenerated Refresh Token Page, copy the refresh token.

  13. Click Done.

5. Send Merge the credentials

Send Merge the following credentials via a secure link (we recommend Doppler):

  1. Token Endpoint URL

  2. Client ID

  3. Client Secret

  4. Refresh Token

Merge will update your linked account with the credentials and Time Off data will start syncing!


If you face any issues during this process, please don't hesitate to reach out to us!

Did this answer your question?