Workday SOAP API : How to authenticate

44.1k views Asked by At

I'm a newbie to workday soap api and I'm trying to figure out how to send a soap request to authenticate using SOAPUI. Any suggestions, would be greatly appreciated.

5

There are 5 answers

6
dbh On BEST ANSWER

Workday APIs use WS-Security for authentication.

Remember that the workday host is multi-tenant. So, you'll use the WSDL endpoint to connect to the correct server, and the user name field will contain both your user name and the tenant on that server.

User name format for SOAP Auth to Workday: [user-name]@[tenant-name]

Example: youUserName@tenant6

Your workday account will need to be in the Integration Developer's group, as well.

You may need to adjust security and permissions beyond that to permit access to certain functional groups and domains which relate to the web service.

If you're using SoapUI, do the following:

  • Import the WSDL into a project.
  • In "Integration binding", go to settings.
  • On the "Service endpoints" tab, set the username as I've described above.
  • Set the password to your password in the tenant.
  • The WSS-Type should be set to PasswordText.

Now, you can make a request.

0
cdonner On

Not sure what exactly you are referring to. You authenticate implicitly - there is no separate request. The Workday API documentation is published here. You should read it. When you import the WSDL, for example in a .Net solution, it will give you access to various API classes.

For example, to connect to the Compensation API from an SSIS script task I use the following:

// Instantiate and configure compensation client
CompensationPortClient compClient =  // I use custom binding - gives me more control
      new CompensationPortClient(CompensationObjectFactory.getWorkdayBinding(), 
      new EndpointAddress(endpointURL));

compClient.ClientCredentials.UserName.UserName = userName;
compClient.ClientCredentials.UserName.Password = password;

(I created the CompensationObjectFactory to instantiate all the client-side API objects because the process is somewhat formulaic.) Then you can make API calls with the client object, for example, query a one-time award:

Request_OneTime_Payment_RequestType request = 
    CompensationObjectFactory.getOneTimePaymentRequest(
        CompensationObjectFactory.getBusinessProcessParameters(),
        CompensationObjectFactory.getOneTimePaymentData(
                  planId, currency, amount, effDt, emplID, positionID));

Request_OneTime_Payment_ResponseType response = 
          compClient.Request_OneTime_Payment(request);
0
armandino On

Modifying "Request Properties" worked for me. The username is [user-name]@[tenant-name] as mentioned in @dbh's answer

Screenshot:

Screenshot

0
Schof On

I finally figured this out after debugging a working SOAP UI example by installing wireshark and forcing my request over HTTP!

The previously posted header example did not work for me because it was missing some info. I noticed further that my captured header worked several hours later and I developed a theory that Workday was ignoring everything but username and password. So I tested the following and it worked:

<soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:UsernameToken wsu:Id="bogus">
      <wsse:Username>user@tenant</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">[PASSWORD HERE]</wsse:Password>
      <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">bogus</wsse:Nonce>
      <wsu:Created>2000-10-02T21:12:28.365Z</wsu:Created>
    </wsse:UsernameToken>
  </wsse:Security>
</soapenv:Header>

Best of luck if you are reading this. SOAP is a complete nightmare!

0
user6071646 On

To add to the responses already here, you may need to also add in your credentials in the SOAP header, like so:

<soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:UsernameToken wsu:Id="bogus">
      <wsse:Username>[user]@[tenant]</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">[PASSWORD HERE]</wsse:Password>
      <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">bogus</wsse:Nonce>
      <wsu:Created>2000-10-02T21:12:28.365Z</wsu:Created>
    </wsse:UsernameToken>
  </wsse:Security>
</soapenv:Header>