Workday career sites are some of the most frustrating scrape targets in the job data space — heavily JavaScript-rendered, rate-limited per IP, and protected by Cloudflare or Akamai depending on the employer. If you’re building a job aggregator, a recruiting intelligence tool, or a competitive headcount tracker, you need a reliable pipeline that handles Workday’s quirks without burning through proxies or getting your IP ranges blocked inside 48 hours.
How Workday Serves Job Data
Workday career pages follow a consistent pattern. The public-facing URL is typically https://. The page shell loads via a React-based SPA, then fetches job listings through a GraphQL-like REST endpoint:
GET https://<company>.wd1.myworkdayjobs.com/wday/cxs/<company>/<tenant>/jobsThe payload is a POST with a JSON body:
{
"limit": 20,
"offset": 0,
"searchText": "",
"locations": [],
"categories": []
}This endpoint is unauthenticated for most public career sites, which makes it the cleanest extraction path. Skip Selenium entirely for the initial crawl — hit the API directly with httpx or requests, paginate by incrementing offset by 20, and parse the jobPostings array in the response. You’ll get title, location, requisition ID, and a relative URL per listing.
The detail page for each job is a second request: GET /jobDetails?jobPostingId=. This returns full description HTML in a JSON field. Parse it with BeautifulSoup or lxml and you’re done.
Anti-Bot Layers and Where They Kick In
The direct API approach works until it doesn’t. Workday deploys different protection stacks depending on the employer’s contract tier:
| Protection Layer | Trigger | Symptoms |
|---|---|---|
| Cloudflare Bot Management | High request velocity from single IP | 403 with CF ray header |
| Akamai Bot Manager | Headless browser fingerprint | Empty response body or redirect loop |
| Workday rate limiting | >50 req/min per IP | 429 with Retry-After header |
| Tenant-level blocks | Repeated scraping of same tenant | 503 or silent empty results |
For Fortune 500 employers — think Salesforce, JPMorgan, or Deloitte — you will hit Cloudflare or Akamai. For mid-market companies, basic IP rotation is usually sufficient.
Rotate residential or mobile proxies, not datacenter IPs. Workday’s bot scoring is sensitive to ASN reputation. A Singapore or US residential pool with 5-10 second request delays per IP handles the majority of mid-market tenants without triggering blocks. Unlike simpler ATS platforms such as Lever and Greenhouse, Workday applies consistent bot scoring across all employer tenants, so you can’t exploit per-tenant gaps.
Scaling Across Thousands of Workday Tenants
The harder engineering problem is discovery: finding all Workday tenants worth scraping. There is no public tenant directory.
Three practical approaches:
- Seed from LinkedIn company pages. Filter companies by ATS using tools like Apify’s LinkedIn Company Scraper or a custom crawler, then check for the
wd1.myworkdayjobs.compattern in theCareerslink. - Use Google dorks:
site:wd1.myworkdayjobs.com -site:myworkday.comreturns indexed tenant subdomains. Export 100-200 at a time, deduplicate, and build your tenant list. - Buy a commercial dataset. Revelio Labs and Coresignal both maintain ATS-tagged company datasets. $500-2000 gets you a CSV with Workday tenant slugs for 15,000+ companies.
Once you have tenants, the crawl architecture matters. A naive sequential crawler will take weeks at scale. Use a job queue (Celery + Redis, or RQ) with per-tenant rate limiting. Set a max concurrency of 1 request per tenant per minute and run 50-100 workers. At that rate, 10,000 tenants with an average of 30 job postings each is a ~6-hour full crawl.
import httpx
import time
def fetch_jobs(tenant: str, company: str, offset: int = 0) -> dict:
url = f"https://{company}.wd1.myworkdayjobs.com/wday/cxs/{company}/{tenant}/jobs"
payload = {"limit": 20, "offset": offset, "searchText": "", "locations": [], "categories": []}
headers = {
"Content-Type": "application/json",
"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36",
}
r = httpx.post(url, json=payload, headers=headers, timeout=15)
r.raise_for_status()
return r.json()For tenants behind Akamai, swap httpx for a Playwright or Camoufox session that passes browser fingerprinting. Keep headless sessions warm across multiple requests to the same tenant rather than spinning up a new context per page — cold browser fingerprints score worse than warm ones.
Storing and Deduplicating Job Postings
Job postings are volatile. The same requisition ID appears across multiple crawl cycles, and companies close and reopen roles. Your schema needs a few things:
requisition_id+tenant_slugas a composite unique keyfirst_seen_atandlast_seen_attimestamps for freshness trackingis_activeboolean flipped to false when a job disappears from the feed- A
raw_jsoncolumn for the full response payload so you can reparse without re-crawling
PostgreSQL with a partial index on (tenant_slug, is_active) handles tens of millions of rows without issue. If you’re running this alongside other ATS scrapers — SmartRecruiters or Recruitee for example — normalize job records into a single canonical schema with an ats_source field. Cross-ATS analysis gets much easier when the data model is unified from day one.
Proxy Selection for Workday at Scale
Not all proxy types perform equally against Workday’s bot stack:
- Residential rotating proxies: best default. US residential pools (Brightdata, Oxylabs, Smartproxy) handle 90% of tenants. Expect $3-8 per GB.
- Mobile proxies: highest trust score, best for Cloudflare-protected Fortune 500 tenants. More expensive at $15-25/GB, but failure rates drop significantly. The same logic applies when scraping boutique recruitment sites that use shared Cloudflare plans.
- Datacenter proxies: avoid entirely for Workday. Block rates exceed 60% even on premium providers.
- ISP/static residential: middle ground. Good for low-volume, high-fidelity scraping of a fixed tenant list.
Proxy rotation strategy matters as much as proxy type. The same principles that apply to review site scraping hold here: use sticky sessions per tenant (not per request), keep session duration under 10 minutes, and retire any IP that returns a 429 or 403 for a minimum of 30 minutes before reassignment.
Key failure signals to handle in your retry logic:
429withRetry-After: back off for the specified duration, then retry with a fresh IP403with CF ray header: rotate IP immediately, add 5s jitter before retry- Empty
jobPostingsarray with HTTP 200: silent block, treat as soft failure, retry after 15 minutes - Connection timeout: infrastructure issue or hard IP block, retire IP for 1 hour
Bottom Line
Workday’s direct JSON API is your fastest path to structured job data — skip the browser automation unless you’re targeting the Cloudflare tier of employers. Pair it with residential or mobile proxy rotation, a per-tenant rate limiter, and a deduplication schema built around requisition_id. At 50-100 workers, you can maintain a fresh, full-coverage dataset across 10,000+ tenants on a single cloud instance. DRT covers the full ATS scraping stack across all major platforms if you’re building a multi-source job data pipeline.
Related guides on dataresearchtools.com
- How to Scrape Boutique Recruitment Site Postings (2026)
- How to Scrape Lever and Greenhouse Job Boards Programmatically (2026)
- How to Scrape SmartRecruiters Hiring Pages (2026)
- How to Scrape Recruitee Pages for Lead Sourcing (2026)
- Pillar: How Proxies Help Scrape Reviews at Scale: Yelp, Google, Trustpilot (2026)