Establishing a Connection
Creating a JDBC Data Source
You can create a JDBC data source to connect from your Java application. Creating a JDBC data source based on the CData JDBC Driver for Workday consists of three basic steps:
- Add the driver JAR file to the classpath. The JAR file is located in the lib subfolder of the installation directory. Note that the .lic file must be located in the same folder as the JAR file.
- Provide the driver class. For example:
cdata.jdbc.workday.WorkdayDriver
- Provide the JDBC URL. For example:
jdbc:workday:User=myuser;Password=mypassword;Tenant=mycompany;Host=https://wd3-impl-services1.workday.com or jdbc:cdata:workday:User=myuser;Password=mypassword;Tenant=mycompany;Host=https://wd3-impl-services1.workday.com
The second format above can be used whenever there is a conflict in your application between drivers using the same URL format to ensure you are using the CData driver. The URL must start with either "jdbc:workday:" or "jdbc:cdata:workday:" and can include any of the connection properties in name-value pairs separated with semicolons.
Connecting to the Workday WQL API
The WQL service must be enabled before connecting:
- Open Workday and enter View Domain in the search bar. Enter Workday Query Language for the prompt.
- Check that one of the Allowed Security Group Types includes the user you are connecting with.
Configuring the Host and Tenant
To obtain the Host and Tenant properties, log into Workday and search for View API Clients. On this screen, Workday will display the Workday REST API Endpoint which contains both the Host and Tenant. The Tenant is the portion after the last slash, while the Host is the "https://" and the domain name.
For example: if the API endpoint is https://wd3-impl-services1.workday.com/ccx/api/v1/mycompany, the Host is https://wd3-impl-services1.workday.com and the Tenant is mycompany.
You also have the option of connecting to reports when the UseWQL property is enabled. See Fine-Tuning Data Access for details on how to configure this.
Authenticating to Workday
You can authenticate to the Workday WQL API as a normal (non-ISU) user, or an ISU (via either OAuth or OAuthJWT).
Normal User
To authenticate as a normal user in Workday, you must first create an API Client. Please refer to Creating a Custom OAuth Application for details on the procedure.
Once you have an API client configured, set the following properties to connect:
- AuthScheme: Set this to OAuth.
- OAuthClientId: The Client ID obtained from the View API Client page.
- OAuthClientSecret: The Client Secret obtained from the View API Client page. If you are using a public client, leave this blank.
- Tenant: The tenant for the account.
- Host: The host for the REST API Endpoint in the View API Clients page.
ISU
To authenticate as an ISU, you must first create either an API Client or an API Client for Integrations. Please refer to Creating a Custom OAuth Application for details on the procedure. You can create either an API Client for Integrations or an API Client using the JWT bearer grant type.
If you created an API Client for Integrations, set the following properties to connect:
- AuthScheme: Set this to OAuth.
- InitiateOAuth: Set this to REFRESH.
- OAuthClientId: The Client ID obtained from the View API Client page.
- OAuthClientSecret: The Client Secret obtained from the View API Client page.
- OAuthRefreshToken: The refresh token obtained from the Manage Refresh Tokens for Integrations page.
- Tenant: The tenant for the account.
- Host: The host for the REST API Endpoint in the View API Clients page.
If you created an API Client with JWT, set the following properties to connect:
- AuthScheme: Set this to OAuthJWT.
- OAuthJWTCertType: Set this to the certificate type. This will be PFXFILE if you created the certificate with keytool or openssl pkcs12.
- OAuthJWTCert: The path of the certificate file you created.
- OAuthJWTCertPassword: The password of the certificate file you created.
- OAuthJWTIssuer: The Client ID obtained from the View API Client page.
- OAuthJWTSubject: The username of the ISU you are using.
- Tenant: The tenant for the account.
- Host: The host for the REST API Endpoint in the View API Clients page.
Connecting to the Workday SOAP API
Connections using the SOAP API support all the same authentication schemes that the WQL and reporting services do, in addition to basic authentication. Each of the above configurations can be used with SOAP by setting the UseWQL property to false.
Basic authentication can also be used with a normal user or an ISU without configuring an API client:
- UseWQL: Set this to false.
- AuthScheme: Set this to Basic.
- User: The Workday user account name.
- Password: The password used to authenticate the user.
- Tenant: The tenant for the account.
- Host: The host for the REST API Endpoint in the View API Clients page.
Other authentication methods are configured the same way as for the WQL and reporting services. Please refer to the corresponding sections for more details on those authentication schemes as well as the Host and Tenant properties.