Workday Report as a Service (RaaS) via Apideck Proxy API

This guide walks you through creating a Report as a Service (RaaS) in Workday and accessing it via the Apideck Proxy API.

Prerequisites

You’ll need:

A Workday account with permissions to create custom reports
An Integration System User (ISU) configured in Workday
A Workday connection in Apideck with:
- username – ISU username
- password – ISU password
- tenant_id – e.g. acme in https://impl.workday.com/acme/d/home.html
- wsdl_url – e.g. https://services1.myworkday.com/ccx/service

Step 1: Create a Custom Report in Workday

1. Sign in to Workday with an account that can create reports.

2. Open the Create Custom Report task

In the global search: “Create Custom Report”

Select the task to open the wizard

3. Configure report details

Report Name: A unique, descriptive name
Report Type: Select Advanced
This is required to expose the report as a web service
Enable as Web Service: ✅ Check this box
If this is not enabled, the report will not be accessible via REST.

Data Source: Select the Data Source, for example: Workers for HCM Reporting, which:

Uses Worker as the primary business object
Good default for employee/worker-related data

4. Add columns (fields)

Go to the Columns tab.
Add the fields you want to expose via API, for example:
- Worker ID / Employee Number
- First Name, Last Name, Middle Name
- Email Address
- Preferred Name
- Next Anniversary (or other date fields)
- Department, Job Title, etc.

5. (Optional) Add prompts (filters)

Go to the Prompts tab.
Use prompts if you want to filter the report via query parameters.

Examples:

Effective Date
Department
Worker Status (active / inactive)

6. Save the report

Click OK.
Note the exact report name – it will be used in the URL.

Step 2: Share the Report with the Integration System User (ISU)

1. Edit the custom report

Search for “Edit Custom Report”.
Select your newly created report.

2. Share with the ISU

Go to the Share tab.
Add your Integration System User (e.g. testuser) to the authorized users.
This is required for API access:
- If the ISU doesn’t have access, you’ll typically see 401 or 403 errors.

3. Save

Click OK and verify the ISU is listed under authorized users.

Step 3: Get the Report URL

1. Open the report in Workday

Search for the report by name
Open the Actions menu for the report
Go to Web Service > View URLs
A dialog will show URLs for different formats (JSON, XML, etc.)

2. Copy the Workday XML WSDL URL

Step 4: Access Report via Apideck Proxy API

The Apideck Proxy API allows you to access Workday Reports as a Service using SOAP with automatic credential injection via placeholders.

1. Downstream URL

This is the Workday XML Report URL you copied in the previous step:

Example structure:

https://impl-services1.wd12.myworkday.com/ccx/service/customreport2/acme/reportownername/Employee_List_Report

We support placeholders for connection-level fields only:

{username}
{password}
{tenant_id}
{wsdl_url}

We do not support placeholders for report owner and report name because Workday requires the exact report owner and report name in the URL, and these values vary per report - not per connection, so Apideck cannot interpolate them.

Example downstream URL with placeholders:

{wsdl_url}/customreport2/{tenant_id}/reportownername/Employee_List_Report

2. cURL example

curl --location 'https://unify.apideck.com/proxy' \
  --header 'x-apideck-consumer-id: test-consumer' \
  --header 'x-apideck-app-id: YOUR_APP_ID' \
  --header 'x-apideck-service-id: workday' \
  --header 'Authorization: Bearer YOUR_API_KEY' \
  --header 'Content-Type: application/soap+xml' \
  --header 'Accept: application/xml' \
  --header 'x-apideck-downstream-method: POST' \
  --header 'x-apideck-downstream-url:{wsdl_url}/customreport2/{tenant_id}/reportownername/Employee_List_Report'

3. Request Body Format

Your request body must contain a SOAP envelope using the WS-Security username/password token. Apideck automatically replaces {username}, {tenant_id}, and {password} with the Vault connection settings.

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wd="urn:com.workday.report/Employee_List_Report">
    <soapenv:Header>
        <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:UsernameToken wsu:Id="UsernameToken-">
                <wsse:Username>{username}@{tenant_id}</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">{password}</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </soapenv:Header>
    <soapenv:Body>
        <wd:Execute_Report>
            <wd:Report_Parameters>
            </wd:Report_Parameters>
        </wd:Execute_Report>
    </soapenv:Body>
</soapenv:Envelope>

4. Expected Response Format

Workday returns the raw XML and the actual structure depends on the fields/columns you configured in the report. A simple example:

<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Body>
    <wd:Report_Data xmlns:wd="urn:com.workday.report/Employee_List_Report">
      <wd:Report_Entry>
        <wd:Worker_ID>12345</wd:Worker_ID>
        <wd:First_Name>John</wd:First_Name>
        <wd:Last_Name>Doe</wd:Last_Name>
        <wd:Email>john.doe@example.com</wd:Email>
      </wd:Report_Entry>
      <wd:Report_Entry>
        <wd:Worker_ID>67890</wd:Worker_ID>
        <wd:First_Name>Jane</wd:First_Name>
        <wd:Last_Name>Smith</wd:Last_Name>
        <wd:Email>jane.smith@example.com</wd:Email>
      </wd:Report_Entry>
    </wd:Report_Data>
  </env:Body>
</env:Envelope>