Workday RaaS (Report as a Service) Integration

TL;DR

• Bottom line: RaaS exposes Workday custom reports as REST/SOAP web services for outbound data extraction. Best for scheduled report pulls under 50K rows; use WQL with native pagination for anything larger.
• Key limit: 30-minute execution timeout + 2 GB output cap + zero native pagination. All three constraints interact -- a large report that exceeds any one of these fails completely.
• Watch out for: No pagination means Workday attempts to generate the entire result set in memory at once. Reports over ~50K rows routinely timeout or hit the 2 GB wall. You must implement pseudo-pagination using prompt parameter date-range chunking.
• Best for: Scheduled batch extraction of HR, payroll, and financial data under 50K rows per report run, with prompt-based filtering.
• Authentication: ISU (Integration System User) + WS-Security for SOAP; ISU + Basic Auth or OAuth 2.0 for REST. RaaS is included in all Workday subscriptions -- no additional license required.

System Profile

Workday RaaS (Reports as a Service) converts Advanced custom reports into web service endpoints accessible via both REST and SOAP protocols. It is included in every Workday subscription at no additional cost. RaaS is outbound-only -- it reads data from Workday but cannot write, update, or delete records. For write operations, use Workday SOAP Web Services or REST API.

This card covers the RaaS surface specifically. Workday offers four data access strategies: SOAP Web Services (full CRUD), REST API (modern JSON-based subset), RaaS (report-driven extraction), and WQL (Workday Query Language with native pagination). RaaS is the most commonly used for integration data extraction because it leverages existing report definitions. [src5]

API Surfaces & Capabilities

RaaS REST and RaaS SOAP share the same underlying report engine and constraints. The key difference: SOAP allows request parameters in the message body (no URL length limits), while REST passes parameters as URL query strings (capped at ~2,083 characters). [src3]

Rate Limits & Quotas

Per-Request Limits

Rolling / Daily Limits

Workday-Specific Constraints

Authentication

Authentication Gotchas

• ISU username must include the tenant name in the format username@tenant_id -- omitting the tenant suffix causes "Customer ID not specified" errors. [src1]
• The ISU must be added to an ISSG with explicit domain permissions for every data source the report accesses. Missing a single domain causes "Access Denied" with no indication of which domain is missing. [src2]
• OAuth refresh tokens in Workday are non-expiring by default, but an admin can revoke them. Build token refresh logic regardless. [src4]
• Sandbox and production use different ISU credentials and different tenant endpoints. Hardcoding either will break promotion between environments. [src4]

Constraints

• 30-minute timeout: Workday terminates any RaaS report execution that exceeds 30 minutes. There is no way to extend this.
• 2 GB output cap: The maximum response payload for any RaaS endpoint is 2 GB. Reports approaching this limit often timeout before reaching it due to memory pressure.
• No native pagination: RaaS generates the entire result set in a single response. There is no page, offset, limit, or cursor parameter.
• ~10 req/s tenant-wide throttle: Workday drops requests exceeding approximately 10 per second across the entire tenant. No HTTP 429 is returned.
• REST URL length limit: GET requests via REST are constrained to ~2,083 characters.
• Advanced report type required: Only Advanced custom reports with "Enable As Web Service" checked are eligible.
• Memory pressure on tenant: Large RaaS reports consume tenant memory. Running multiple large reports concurrently degrades performance for all users.

Integration Pattern Decision Tree

START -- User needs to extract data from Workday via reports
|-- How many rows does the report return?
|   |-- < 10,000 rows
|   |   |-- Simple filters? --> RaaS REST with JSON format
|   |   |-- Many filter values (>50)? --> RaaS SOAP (no URL length limit)
|   |   +-- Need incremental loads? --> RaaS REST + Effective_Date prompt
|   |-- 10,000-50,000 rows
|   |   |-- Can filter by date range? --> RaaS REST with date-range pseudo-pagination
|   |   |-- Need full snapshot? --> RaaS SOAP (single call, monitor for timeout)
|   |   +-- Approaching timeout? --> Split into org-based chunks via prompt parameters
|   |-- > 50,000 rows
|   |   |-- WQL available? --> Use WQL with native limit/offset pagination
|   |   |-- Must use reports? --> Mandatory pseudo-pagination (date + org chunking)
|   |   +-- > 200,000 rows? --> WQL pagination + parallel processing
|   +-- > 1,000,000 rows
|       +-- RaaS is NOT viable --> Use WQL with parallel paginated extraction
|-- What output format?
|   |-- JSON --> ?format=json (recommended)
|   |-- CSV  --> ?format=csv  (best for data lake loads)
|   |-- XML  --> ?format=simplexml or default
|   +-- RSS/GData --> Rarely used
|-- SOAP vs REST?
|   |-- Few prompt values + JSON needed --> REST
|   |-- Many prompt values (>50 IDs) --> SOAP (parameters in body)
|   +-- Need multi-instance in single call --> SOAP (dramatically faster)
+-- Error tolerance?
    |-- Zero-loss required --> Retry with exponential backoff + dead letter queue
    +-- Best-effort --> Retry 3x with 30s delays, log failures

Quick Reference

Step-by-Step Integration Guide

1. Create and enable the custom report

Build an Advanced custom report in Workday with the required data sources, columns, and filters. Set XML aliases for every field. Enable "Web Service" in the report's Advanced tab. [src1]

Verify: Navigate to the report > Related Actions > Web Service > View URLs. You should see REST and SOAP endpoint URLs listed.

2. Configure ISU and security permissions

Create an ISU and ISSG. Add the ISU to the ISSG. Grant domain permissions (GET access) for every data source. Share the report with the ISSG. [src2]

Verify: Log in as the ISU and run the report in Workday UI. If you see data, the ISU has correct permissions.

3. Authenticate and fetch via REST

Construct the RaaS REST URL and call it with Basic Auth. [src1, src7]

curl -u "ISU_User@tenant_name:password" \
  "https://wd2-impl-services1.workday.com/ccx/service/customreport2/tenant_name/report_owner/Report_Name?format=json"

Verify: HTTP 200 with JSON body containing Report_Entry array.

4. Add prompt parameters for filtering

Pass prompt values as URL query parameters to filter the report at runtime. [src7]

curl -u "ISU_User@tenant_name:password" \
  "https://wd2-impl-services1.workday.com/ccx/service/customreport2/tenant_name/owner/Report?format=json&Effective_Date=2026-01-01-08:00"

Verify: Response contains only records matching the filter criteria.

5. Implement pseudo-pagination for large datasets

Since RaaS lacks native pagination, chunk requests using date-range prompts. [src1, src5]

import requests
from datetime import datetime, timedelta

BASE_URL = "https://wd2-impl-services1.workday.com/ccx/service/customreport2/tenant/owner/Report"
AUTH = ("ISU_User@tenant", "password")

def fetch_raas_chunked(start_date, end_date, chunk_days=7):
    all_rows = []
    current = start_date
    while current < end_date:
        chunk_end = min(current + timedelta(days=chunk_days), end_date)
        params = {
            "format": "json",
            "Start_Date": current.strftime("%Y-%m-%d-08:00"),
            "End_Date": chunk_end.strftime("%Y-%m-%d-08:00"),
        }
        resp = requests.get(BASE_URL, auth=AUTH, params=params, timeout=1800)
        resp.raise_for_status()
        rows = resp.json().get("Report_Entry", [])
        all_rows.extend(rows)
        current = chunk_end
    return all_rows

Verify: Total row count matches expected count from the full report run in Workday UI.

6. Implement retry logic with throttle handling

Workday silently drops requests exceeding ~10/second. Build in delays and retries. [src6]

import time
import requests

def fetch_with_retry(url, auth, params, max_retries=5, base_delay=30):
    for attempt in range(max_retries):
        try:
            resp = requests.get(url, auth=auth, params=params, timeout=1800)
            if resp.status_code == 200:
                return resp.json()
            elif resp.status_code in (500, 502, 503):
                delay = base_delay * (2 ** attempt)
                time.sleep(delay)
            else:
                resp.raise_for_status()
        except Exception as e:
            delay = base_delay * (2 ** attempt)
            time.sleep(delay)
    raise Exception(f"Failed after {max_retries} retries")

Verify: Function returns JSON data. Check logs for retry attempts.

Code Examples

Python: Fetch RaaS report with Basic Auth

# Input:  ISU credentials, tenant, report details
# Output: Parsed JSON report data as list of dicts

import requests  # requests==2.31.0

WORKDAY_HOST = "https://wd2-impl-services1.workday.com"
TENANT = "your_tenant"
REPORT_OWNER = "ISU_Report_Owner"
REPORT_NAME = "Active_Workers_Report"
ISU_USER = f"ISU_User@{TENANT}"
ISU_PASS = "your_password"

url = f"{WORKDAY_HOST}/ccx/service/customreport2/{TENANT}/{REPORT_OWNER}/{REPORT_NAME}"
params = {"format": "json"}

response = requests.get(url, auth=(ISU_USER, ISU_PASS), params=params, timeout=1800)
response.raise_for_status()

data = response.json()
rows = data.get("Report_Entry", [])
print(f"Fetched {len(rows)} records")

JavaScript/Node.js: Fetch RaaS report

// Input:  ISU credentials, tenant, report details
// Output: Parsed JSON report data

const axios = require("axios"); // [email protected]

const WORKDAY_HOST = "https://wd2-impl-services1.workday.com";
const TENANT = "your_tenant";
const ISU_USER = `ISU_User@${TENANT}`;
const ISU_PASS = "your_password";

async function fetchRaaSReport(reportOwner, reportName, promptParams = {}) {
  const url = `${WORKDAY_HOST}/ccx/service/customreport2/${TENANT}/${reportOwner}/${reportName}`;
  const params = { format: "json", ...promptParams };
  const response = await axios.get(url, {
    auth: { username: ISU_USER, password: ISU_PASS },
    params,
    timeout: 1800000,
  });
  return response.data.Report_Entry || [];
}

cURL: Quick RaaS test

# Fetch report as JSON
curl -u "ISU_User@tenant:password" \
  "https://wd2-impl-services1.workday.com/ccx/service/customreport2/tenant/owner/Report?format=json"

# Fetch with prompt filter
curl -u "ISU_User@tenant:password" \
  "https://wd2-impl-services1.workday.com/ccx/service/customreport2/tenant/owner/Report?format=json&Hire_Date_From=2026-01-01-08:00"

Data Mapping

Field Mapping Reference

Data Type Gotchas

• Workday dates include a timezone offset suffix (e.g., 2026-01-15-08:00) that is not standard ISO 8601. Most JSON parsers will not handle this automatically. [src1]
• WID references are opaque 32-character hex strings. Stable within a tenant but not portable across tenants. Map to business keys for external systems. [src2]
• Boolean fields in RaaS JSON output are returned as string "1" or "0", not native JSON true/false. [src1]
• Multi-valued fields are returned as nested arrays. A report with 10,000 workers each having 3 emails produces 30,000 email sub-records. [src7]
• Currency amounts do not include currency code by default. For multi-currency tenants, add the currency field explicitly. [src2]

Error Handling & Failure Points

Common Error Codes

Failure Points in Production

• Silent request drops at rate limit: Workday drops requests exceeding ~10/second with no HTTP error. Fix: Implement a request queue with max 8 req/s throughput and exponential backoff retry. [src6]
• 30-minute timeout on growing datasets: Reports that work today timeout in months as data grows. Fix: Implement date-range pseudo-pagination from day one; target <15 min per call. [src1]
• Missing XML aliases cause silent data loss: Fields without XML aliases are silently omitted from output. Fix: Audit every report field for XML alias before go-live. [src7]
• ISU password expiration: Password rotation policies break unattended integrations. Fix: Set ISU to non-expiring passwords or implement automated credential rotation. [src4]
• Tenant-specific WID values: WIDs differ between sandbox and production. Fix: Map by business key, not WID. [src2]
• Multi-currency amounts without currency codes: Silent data corruption when amounts lack currency indicators. Fix: Always include the currency reference field alongside amount fields. [src2]

Anti-Patterns

Wrong: Fetching entire dataset without filters

# BAD -- fetches all workers in one call; will timeout for orgs with >50K workers
response = requests.get(f"{BASE_URL}?format=json", auth=AUTH, timeout=1800)
all_workers = response.json()["Report_Entry"]

Correct: Pseudo-paginate with date-range chunking

# GOOD -- fetches in weekly chunks; each stays under timeout
all_workers = []
current = datetime(2026, 1, 1)
end = datetime(2026, 3, 1)
while current < end:
    chunk_end = min(current + timedelta(days=7), end)
    params = {"format": "json", "Hire_Date_From": current.strftime("%Y-%m-%d-08:00")}
    resp = requests.get(BASE_URL, auth=AUTH, params=params, timeout=1800)
    all_workers.extend(resp.json().get("Report_Entry", []))
    current = chunk_end

Wrong: Looping REST calls for each worker

# BAD -- one REST call per worker burns through rate limit in seconds
for worker_id in worker_ids:  # 5,000 IDs
    resp = requests.get(f"{BASE_URL}?format=json&Worker!WID={worker_id}", auth=AUTH)
    results.append(resp.json())

Correct: Single SOAP call with all worker IDs in body

# GOOD -- one SOAP call passes all IDs in body (no URL length limit)
# Reduces run time from hours to minutes
soap_body = build_soap_envelope(worker_ids)
resp = requests.post(SOAP_URL, data=soap_body, headers={"Content-Type": "text/xml"})

Wrong: No rate limiting or retry logic

# BAD -- blasts requests; Workday drops silently
for chunk in date_chunks:
    resp = requests.get(f"{BASE_URL}?format=json&Date={chunk}", auth=AUTH)

Correct: Rate-limited requests with retry

# GOOD -- respects ~10 req/s limit with built-in retry
for i, chunk in enumerate(date_chunks):
    if i > 0 and i % 8 == 0:
        time.sleep(1.5)  # Stay under 10 req/s
    resp = fetch_with_retry(BASE_URL, AUTH, {"format": "json", "Date": chunk})

Common Pitfalls

• Assuming RaaS supports pagination: The most expensive mistake. Teams discover in production that a single call must return all data. Fix: Design for pseudo-pagination from the start using prompt parameters. [src1]
• Ignoring timeout during development: Reports run fast in sandbox (small data) but timeout in production. Fix: Test with production-volume data; target <15 min per call. [src1]
• Hardcoding WIDs across environments: Sandbox and production have different WIDs. Fix: Map by business key, never by WID. [src2]
• Not setting XML aliases: Fields without aliases are silently dropped from output. Fix: Set XML aliases for every field in the report. [src7]
• Using REST when SOAP would be faster: One client reduced run time from 1+ hour to 7 minutes by switching to single multi-instance SOAP call. Fix: Use SOAP for >50 parameter values. [src3]
• Running concurrent large reports: Multiple large reports compete for tenant memory, causing cascading timeouts. Fix: Serialize large report executions via a job queue. [src6]
• Omitting currency codes: Monetary fields return raw numbers without currency indicators. Fix: Always include the currency reference field alongside amount fields. [src2]

Diagnostic Commands

# Test RaaS authentication (expect 200, 401 = bad creds, 403 = no access)
curl -s -o /dev/null -w "%{http_code}" \
  -u "ISU_User@tenant:password" \
  "https://wd2-impl-services1.workday.com/ccx/service/customreport2/tenant/owner/Report?format=json"

# Fetch report and check row count
curl -s -u "ISU_User@tenant:password" \
  "https://wd2-impl-services1.workday.com/ccx/service/customreport2/tenant/owner/Report?format=json" \
  | python3 -c "import sys,json; d=json.load(sys.stdin); print(f'Rows: {len(d.get(\"Report_Entry\",[]))}')"

# Measure report execution time (watch for >15 min)
time curl -s -u "ISU_User@tenant:password" \
  "https://wd2-impl-services1.workday.com/ccx/service/customreport2/tenant/owner/Report?format=json" \
  -o /dev/null

# Verify output size (watch for approaching 2GB)
curl -s -u "ISU_User@tenant:password" \
  "https://wd2-impl-services1.workday.com/ccx/service/customreport2/tenant/owner/Report?format=csv" \
  -o report.csv && ls -lh report.csv

Version History & Compatibility

Workday follows a release-based versioning model (two major releases per year). API versions are supported for approximately 3 years. RaaS endpoint URLs include the API version implicitly through the tenant configuration. [src4]

When to Use / When Not to Use

Important Caveats

• RaaS limits (timeout, output size, rate) are tenant-wide and not configurable by customers. Workday does not offer enterprise tier overrides.
• The ~10 req/s rate limit is tenant-wide, not per-integration. Multiple integrations sharing a tenant share this budget.
• Sandbox environments may have different data volumes than production, causing reports that work in sandbox to timeout in production.
• Workday releases twice per year (March and September). Each release may change report behavior, field availability, or security model.
• RaaS is read-only. It cannot write data back to Workday. Bidirectional sync needs RaaS + SOAP/REST API.
• The 2 GB limit and 30-minute timeout interact: a report generating 1.8 GB may timeout at 28 minutes due to memory pressure being the practical bottleneck.