Workday REST Api OAuth2.0 flows

I'm looking to integrate to Workday's REST Api services. Sadly enough, I do not have access to Workday's resource center - where all the documentation resides - it takes forever to get access to there.

I was hoping to get some help from the community regarding the overall process.

My main questions are:

  1. Which OAuth flows are supported?
  2. How can I find which scopes are needed for the client functionality I am looking for? (Basically I am looking to get users meta-data information).

From what I managed to collect online so far (without having access to the workday community center) Ive found that Workday supports an authorization code grant flow, and an implicit grant flow.

I also have a basic question regarding the authorization code grant flow:

If I understand correctly, the authorization code grant works as follows:

  1. Send a GET request to the authorization endpoint you get from client registration.
  2. Obtain an access token after authorization is granted via user approval.
  3. Send a POST request to the token endpoint, along with the access token obtained from step 2 in order to obtain an access token.
  4. Use the API with the access token obtained from step 3.

If so, I wonder if step 1 is ALWAYS required? by always I mean once per "access token obtainment" or rather just only once?

I also wonder - if user approval is required, how does this formally happen? where does the window of approval pop up if the requests are sent from a remote server?

Are there any workflows which do not require active user approvals for authorization?


Like 0



Dear colleagues, 
The answers to your main questions are described in the documentation:

Unfortunately, we have no experience with Workday's REST API services.
So, you can find answers to your questions only in Workday's documentation or their support.
Best regards, Alex.

Show all comments