> ## Documentation Index
> Fetch the complete documentation index at: https://nango.dev/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# How to set Workday up with Nango

> Register your own OAuth app and configure Workday for production use in Nango

This guide will show you how to register your application with Workday to obtain your own production OAuth credentials (client id & secret).

Once you complete this guide, your users can grant your app access to their Workday account. You will have full access to the Workday REST API, which lets you read and write data in the connected Workday accounts.

<Steps>
  <Step title="Access the Workday API Client Registration">
    1. Log in to your **Workday tenant** as an administrator.
    2. In the **Search bar**, type **Register API Client** and select it.
  </Step>

  <Step title="Create OAuth 2.0 credentials">
    1. On the **Register API Client** page, configure:
       * **Client Name**: Enter a unique, descriptive name (e.g., `Nango HRIS Integration`).
       * **Client Grant Type**: Select **Authorization Code Grant** (required for OAuth 2.0 flows).
       * **Access Token Type**: Select **Bearer** (standard for API authentication).
       * **Redirection URI**: Set to `https://api.nango.dev/oauth/callback`.
         * Use your custom callback URL if your Nango account has one set up.
       * **Non-Expiring Refresh Tokens**: ✅ Enable (recommended for long-lived access).
       * **Scope** (Functional Areas):
         * **Custom Objects > System** (required for custom object operations).
         * **System - Workday Query Language (WQL)** (required for WQL queries).
         * **HRIS** (for core employee/personnel data).
         * **Staffing** (for recruitment/hiring data).
         * **Tenant Non-Configurable** (read-only tenant settings).
       * **Include Workday Owned Scope**: ⚠️ Optional; it grants access to API scopes that are owned and managed by Workday itself.
    2. Click **OK** to generate client credentials (**Client ID and Client Secret**), save these credentials securely as you'll need them when configuring your integration in Nango.
  </Step>

  <Step title="Obtain refresh token (optional)">
    <Note>
      The refresh token is **optional**. If omitted, Nango will automatically obtain and use the refresh token from the OAuth authorization flow. If you provide a refresh token, Nango will use the one you provide instead. **Important**: If you provide a refresh token, it must be non-expiring to ensure token refresh operations don't fail. Make sure **Non-Expiring Refresh Tokens** is enabled when registering your API client (see Step 2).
    </Note>

    To obtain a refresh token:

    1. After registering your API client, navigate to the API client details page of your newly registered client.
    2. Click the **Related Actions** icon (usually represented by three dots or a gear icon).
    3. Go to **API Client** → click **Manage Refresh Tokens for Integrations**.
    4. In the prompt that appears, enter the **Integration System User (ISU)** in the **Workday Account** field.
       * For information on creating an ISU, see [Workday Integration Security User](https://community.workday.com/sites/default/files/file-hosting/restapi/index.html).
    5. A new screen will appear. Check the **"Regenerate New Refresh Token"** box and click **OK**.
    6. A new refresh token will be generated. Save this token securely as you'll need it when configuring your integration in Nango (optional).
  </Step>

  <Step title="Configure your integration in Nango">
    Follow the [*Quickstart*](/getting-started/quickstart) to add your credentials to Nango.
  </Step>
</Steps>