Skip to content

Workday Extract authentication guide

This is a step-by-step guide to acquiring credentials for authorizing the Workday Extract and Workday Custom Reports components for use in Matillion ETL.

The Workday Extract and Workday Custom Reports components use an OAuth for authentication.

Begin by creating an OAuth entry in Matillion ETL, as described in Manage OAuth. You then need to create an API client within Workday, and use this to obtain the Workday credentials you will use to configure the OAuth, as described below.

Acquiring third-party credentials for OAuth

  1. Log in to your Workday account, and on the Workday home page type Register API Client into the search bar. Click on the Register API Client task.
  2. In the register API Client dialog, enter the following details:
    • Client Name: Enter a name for your API client.
    • Client Grant Type: Select Authorization Code Grant.
    • Access Token Type: Select Bearer.
    • Redirection URI: Enter the Callback URL copied from the Manage OAuth dialog in Matillion ETL.
    • Scope (Functional Areas): Enter or select the Workday functional areas that the API user will be allowed to access. These functional areas correspond to the Web Services that the Workday Extract component will be able to access. System Functional Area must be included; other areas are optional.
  3. When you have completed all fields, click OK.
  4. The dialog will refresh and will now show the following fields at the bottom of the screen:

    • Client ID
    • Client Secret
    • Workday REST API Endpoint
    • Token Endpoint
    • Authorization Endpoint

    Copy all of these values, as they will be required to configure the OAuth in Matillion ETL.


    The Client Secret will only be displayed this one time, and therefore must be copied before you close the dialog.

  5. Now return to the Manage OAuth dialog in Matillion ETL to complete the OAuth configuration with the details you have just obtained.