Workday Report as a Service (RaaS) via Apideck Proxy API

This guide walks you through creating a Report as a Service (RaaS) in Workday and accessing it via the Apideck Proxy API.

You’ll need:

• A Workday account with permissions to create custom reports

• An Integration System User (ISU) configured in Workday

• A Workday connection in Apideck with:

  • username – ISU username

  • password – ISU password

  • tenant_id – e.g. acme in https://impl.workday.com/acme/d/home.html

  • wsdl_url – e.g. https://services1.myworkday.com/ccx/service

1. Sign in to Workday with an account that can create reports.

2. Open the Create Custom Report task

   • In the global search: “Create Custom Report”

   

   • Select the task to open the wizard

3. Configure report details

   • Report Name: A unique, descriptive name

   • Report Type: Select Advanced

   • This is required to expose the report as a web service

   • Enable as Web Service: ✅ Check this box

   • If this is not enabled, the report will not be accessible via REST.

   

   • Data Source: Select the Data Source, for example: Workers for HCM Reporting, which:

   • Uses Worker as the primary business object

   • Good default for employee/worker-related data

   

   4. Add columns (fields)

   • Go to the Columns tab.

   • Add the fields you want to expose via API, for example:

     • Worker ID / Employee Number

     • First Name, Last Name, Middle Name

     • Email Address

     • Preferred Name

     • Next Anniversary (or other date fields)

     • Department, Job Title, etc.

     

5. (Optional) Add prompts (filters)

• Go to the Prompts tab.

• Use prompts if you want to filter the report via query parameters.

Examples:

• Effective Date

• Department

• Worker Status (active / inactive)

6.Save the report

• Click OK.

• Note the exact report name – it will be used in the URL.

1. Edit the custom report

   • Search for “Edit Custom Report”.

   • Select your newly created report.

2. Share with the ISU

   • Go to the Share tab.

   • Add your Integration System User (e.g. testuser) to the authorized users.

   • This is required for API access:

     • If the ISU doesn’t have access, you’ll typically see 401 or 403 errors.

   

3. Save

• Click OK and verify the ISU is listed under authorized users.
  

1. Open the report in Workday

   • Search for the report by name

   • Open the Actions menu for the report

   • Go to Web Service > View URLs

   • A dialog will show URLs for different formats (JSON, XML, etc.)

     

2. Copy the Workday XML WSDL URL

   

The Apideck Proxy API allows you to access Workday Reports as a Service using SOAP with automatic credential injection via placeholders.

This is the Workday XML Report URL you copied in the previous step:

Example structure:

https://impl-services1.wd12.myworkday.com/ccx/service/customreport2/acme/reportownername/Employee_List_Report

We support placeholders for connection-level fields only:

• {username}

• {password}

• {tenant_id}

• {wsdl_url}

We do not support placeholders for report owner and report name because Workday requires the exact report owner and report name in the URL, and these values vary per report - not per connection, so Apideck cannot interpolate them.

Example downstream URL with placeholders:

{wsdl_url}/customreport2/{tenant_id}/reportownername/Employee_List_Report

curl --location 'https://unify.apideck.com/proxy' \
  --header 'x-apideck-consumer-id: test-consumer' \
  --header 'x-apideck-app-id: YOUR_APP_ID' \
  --header 'x-apideck-service-id: workday' \
  --header 'Authorization: Bearer YOUR_API_KEY' \
  --header 'Content-Type: application/soap+xml' \
  --header 'Accept: application/xml' \
  --header 'x-apideck-downstream-method: POST' \
  --header 'x-apideck-downstream-url:{wsdl_url}/customreport2/{tenant_id}/reportownername/Employee_List_Report'

Your request body must contain a SOAP envelope using the WS-Security username/password token. Apideck automatically replaces {username}, {tenant_id}, and {password} with the Vault connection settings.

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wd="urn:com.workday.report/Employee_List_Report">
    <soapenv:Header>
        <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:UsernameToken wsu:Id="UsernameToken-">
                <wsse:Username>{username}@{tenant_id}</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">{password}</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
        <wd:Execute_Report>
            <wd:Report_Parameters>
            </wd:Report_Parameters>
        </wd:Execute_Report>
    </soapenv:Body>
</soapenv:Envelope>

Workday returns the raw XML and the actual structure depends on the fields/columns you configured in the report. A simple example:

<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Body>
    <wd:Report_Data xmlns:wd="urn:com.workday.report/Employee_List_Report">
      <wd:Report_Entry>
        <wd:Worker_ID>12345</wd:Worker_ID>
        <wd:First_Name>John</wd:First_Name>
        <wd:Last_Name>Doe</wd:Last_Name>
        <wd:Email>john.doe@example.com</wd:Email>
      </wd:Report_Entry>
      <wd:Report_Entry>
        <wd:Worker_ID>67890</wd:Worker_ID>
        <wd:First_Name>Jane</wd:First_Name>
        <wd:Last_Name>Smith</wd:Last_Name>
        <wd:Email>jane.smith@example.com</wd:Email>
      </wd:Report_Entry>
    </wd:Report_Data>
  </env:Body>
</env:Envelope>