Skip to main content
  • Setup
  • Reference

What You'll Need

CredentialDescription
Client IDOAuth client identifier
Client SecretOAuth client secret
Refresh TokenLong-lived refresh token
Tenant URLWorkday tenant base URL

Overview

Connect to Workday via OAuth 2.0 with refresh tokens for reliable, long-lived API access to HR data.

Workers & Orgs

Employee profiles, org hierarchy

Time & Attendance

Time off balances, requests, schedules

Prerequisites

Administrator access required. You need privileges in to complete this setup.If you don’t have admin access, contact your administrator to:
  • Create the API credentials on your behalf, OR
  • Grant you temporary admin access to complete the setup
  • Integration System Administrator security role in Workday
  • Access to register API clients
  • Understanding of Workday’s domain structure

Setup Guide

1

Register API Client

  1. In Workday, search for: Register API Client for Integrations
  2. Click the task
  3. Fill in:
FieldValue
Client NameParable Integration
Non-Expiring Refresh Tokens✅ Enabled
Functional AreasSelect relevant areas (see below)
2

Select Functional Areas

Enable access to:
  • Human Resources
  • Staffing
  • Absence
  • Organization
Click Done
3

Copy Client Credentials

After registration, Workday displays:
  • Client ID
  • Client Secret
Copy these immediately — the Client Secret is only shown once!
4

Create Integration System User

  1. Search: Create Integration System User
  2. Create a dedicated user for the integration
  3. Set a strong password
  4. Note the username
5

Configure Security Groups

  1. Search: Create Security Group
  2. Create an Integration Security Group
  3. Assign the Integration System User
  4. Grant necessary domain permissions for:
    • Worker Data (READ)
    • Organization (READ)
    • Absence (READ)
6

Generate Refresh Token

  1. Search: View API Clients
  2. Find Parable Integration
  3. Click API ClientManage Refresh Tokens for Integrations
  4. Select the integration user → Generate
  5. Copy the Refresh Token
With non-expiring tokens enabled, this token won’t expire unless revoked.
7

Note Your Tenant URL

Your Workday tenant URL follows this pattern:
https://wd5-impl-services1.workday.com/ccx/api/v1/YOUR_TENANT
Replace YOUR_TENANT with your tenant name and adjust the data center as needed.