Workday Strategic Sourcing Attachments API (1.0)

We've provided detailed documentation below to guide you. However, if you need additional assistance, here's how you can get the support you need:

• Community Discussions: Join the conversation on our Workday Community Discussion Boards (found under the "Collaborate" section in community). Connect with other users, share best practices, and get answers to your configuration questions.
• Expert Configuration Assistance (Professional Services): For tailored, hands-on support with your specific project, our Professional Services team is available.
  • Looking for personalized guidance? Workday Success Plan customers can submit an "Ask" for expert insights on configuration and best practices.
  • Need custom solutions? Consider Expert Assist, our consulting service for detailed changes and project support.
• Reporting System Issues: If you suspect a problem with the Workday system itself, please connect with our dedicated support team. Your company's Named Support Contact (NSC) can log a Product Support Defect case. We'll review the issue based on its impact and Workday's service level agreement (SLA).

US Region

EU Region

CA Region

The API conforms to the JSON API Specification.

The current version of this service is indicated by the X-Api-Version header.

Sample version header: X-Api-Version: 1.0.

The Workday Strategic Sourcing API uses API keys to authenticate requests. Every request will require all 3 HTTP headers:

You can generate all of those from the API tokens section of your Profile page.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Rate limit windows are per second and are shared by all API Keys for a company.

The rate limit is 5 requests per second.

When request submissions exceed the limits, the limit-exceeding requests return 429 Too Many Requests error responses to the client.

Upon receiving a 429 response, it is recommended to retry the request in compliance with the rate limit. One example would be to add a sleep function for 1 second and retry.

Use the attachments API to create, update, and delete the attachments in Workday Strategic Sourcing.

Creating attachments for Workday Strategic Sourcing objects is a two-step process. First, you need to inform the system about your intention to upload an attachment by issuing a "Create an Attachment" request, consisting of the file name and a link to the object to which you are adding an attachment. The link is represented by a relationship object containing an object ID and its type.

In the response you will receive a link in the upload_url attributes, along with required HTTP headers to send with your file. You will need to upload your file as a binary stream in a PUT request into the specified URL, making sure the required headers are present. Here is how the workflow might look like when triggered from a console:

$ curl -H "X-Api-Key: ${COMPANY_KEY}" \
       -H "X-User-Token: ${USER_TOKEN}" \
       -H "X-User-Email: ${USER_EMAIL}" \
       -H "Content-Type: application/vnd.api+json" \
       -X POST \
       -d '
         {
           "data": {
             "type": "attachments",
             "attributes": {
               "title": "My Interesting Document",
               "file_name": "Some Interesting File.pdf"
             },
             "relationships": {
               "contract": {
                 "data": {
                   "id": 1,
                   "type": "contracts"
                 }
               }
             }
           }
         }
       ' \
       "https://api.us.workdayspend.com/services/attachments/v1/attachments"

{
    "data": {
        "id": "1",
        "type": "attachments",
        "attributes": {
            "title": "My Interesting Document",
            "file_size": null,
            "upload_url": "https://upload.s3.amazonaws.com/uploads/contract/1/hex/file.pdf?some=very&long=url",
            "upload_headers": [
                {
                    "name": "Content-Type",
                    "value": "application/octet-stream"
                },
                {
                    "name": "x-amz-acl",
                    "value": "private"
                },
                {
                    "name": "x-amz-server-side-encryption",
                    "value": "AES256"
                },
                {
                    "name": "Content-Disposition",
                    "value": "attachment"
                }
            ]
        }
    }
}

$ curl -X PUT \
    --data "@file.pdf" \
    -H "Content-Type: application/octet-stream" \
    -H "x-amz-acl: private" \
    -H "x-amz-server-side-encryption: AES256" \
    -H "Content-Disposition: attachment" \
    https://upload.s3.amazonaws.com/uploads/contract/1/hex/file.pdf?some=very&long=url

The upload URL expires within 15 minutes after issuing. Please note that you will not be able to upload the data file to the attachment object after that. An automated system will purge all partial uploads after a certain period (usually within 30-60 minutes after creation) to prevent orphan records from overflowing the system.

Please Note: The list of headers and their values might change at any time, so when you're implementing an integration with the Workday Strategic Sourcing system, make sure to include all of the HTTP headers returned from the attachments endpoint.