Workday request works in SoapUI but not in Postman
I am trying to call the Put_Background_Check operation of the Workday Recruiting web service. I have opened the WSDL file in SoapUI and successfully sent the following XML...
<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope
xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wd="urn:com.workday/bsvc">
<env:Body>
<wd:Put_Background_Check_Request
xmlns:wd="urn:com.workday/bsvc"
wd:version="v26.2">
<wd:Business_Process_Parameters>
<wd:Run_Now>true</wd:Run_Now>
</wd:Business_Process_Parameters>
<wd:Background_Check_Data>
<wd:Event_Reference>
<wd:ID wd:type="Background_Check_ID">BACKGROUND_CHECK_EVENT-6-96</wd:ID>
</wd:Event_Reference>
<wd:Background_Check_Status_Data>
<wd:Status_Date>2016-12-16</wd:Status_Date>
<wd:Status_Reference>
<wd:ID wd:type="Background_Check_Status_ID">Background_Check_Status_Pending</wd:ID>
</wd:Status_Reference>
</wd:Background_Check_Status_Data>
<wd:Package_Reference_Data>
<wd:Package_Reference>
<wd:ID wd:type="Background_Check_Package_ID">BACKGROUND_CHECK_PACKAGE_QR1SQ</wd:ID>
</wd:Package_Reference>
<wd:Status_Reference>
<wd:ID wd:type="Background_Check_Status_ID">Background_Check_Status_Pending</wd:ID>
</wd:Status_Reference>
</wd:Package_Reference_Data>
</wd:Background_Check_Data>
</wd:Put_Background_Check_Request>
</env:Body>
</env:Envelope>
I get the following response...
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>
<wd:Put_Background_Check_Response wd:version="v26.2" xmlns:wd="urn:com.workday/bsvc">
<wd:Event_Reference wd:Descriptor="Background Check for Job Application: Elizabeth Taylor - R0000039 Diversity Report Test (Open)">
<wd:ID wd:type="WID">ee6477431cb2100ca61ac0100d041523</wd:ID>
<wd:ID wd:type="Background_Check_ID">BACKGROUND_CHECK_EVENT-6-96</wd:ID>
</wd:Event_Reference>
</wd:Put_Background_Check_Response>
</env:Body>
</env:Envelope>
The URL is https://wd3-impl-services1.workday.com/ccx/service/TENANT/Recruiting/v27.1. Authentication method is basic auth with username@tenant and a password. And the HTTP log looks like the following...
The problem is that when I try to re-create the same POST request with the same headers in Postman (or cURL or Python requests), I get invalid username or password error. Is SoapUI doing something special here? The response in this case is as follows...
<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Body>
<SOAP-ENV:Fault xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wd="urn:com.workday/bsvc">
<faultcode>SOAP-ENV:Client.authenticationError</faultcode>
<faultstring>invalid username or password</faultstring>
</SOAP-ENV:Fault>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Answer
SoapUI does modify the outgoing XML in this case. It adds the following chunk just before the <env:Body> element before it sends it out as a POST request.
<env:Header>
<wsse:Security
env:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-86F2FCCEFFBB80C4CD14820998755791">
<wsse:Username>username@tenant</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
<wsse:Nonce
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">asdfwrqwarqwr1+oA==
</wsse:Nonce>
<wsu:Created>2016-12-18T22:24:30.575Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</env:Header>
So I've added this to the original XML and removed the Basic Auth header from the request and it works.