We’re losing data during bulk performance evaluation imports because our API tokens expire mid-process. We’re importing 5000+ evaluations via the Workday REST API and the process takes about 90 minutes, but our OAuth2 tokens have a 60-minute lifespan.
Here’s the error we’re seeing:
{
"error": "invalid_token",
"error_description": "Access token expired",
"timestamp": "2025-06-08T15:45:23Z"
}
Our current token refresh logic only kicks in if we get a 401 response, but by then we’ve already lost the batch context and have to restart the entire import. This causes duplicate entries and data inconsistencies.
The bulk import session handling seems to tie the session to the original token, so even if we refresh the token, the session is invalidated. We’re on R1 2024 and using Python with requests library. How do others handle long-running API operations that exceed token lifespan without losing session state?
Another approach is to use Workday’s batch processing framework instead of REST API for bulk imports. The Import Process task is designed for large datasets and handles session management internally. You upload a file and Workday processes it asynchronously, so token expiry isn’t an issue. For 5000 evaluations, this is probably more appropriate than individual REST calls anyway.
I’ve implemented this successfully. The key is to use refresh tokens properly and maintain session continuity. When you get your initial OAuth2 token, you also receive a refresh token. Store both. Before making each API call, check if your access token is within 10 minutes of expiry. If so, use the refresh token to get a new access token WITHOUT breaking the session. The refresh token endpoint gives you a new access token while maintaining the same authentication session, so your bulk import context persists. Also, implement exponential backoff retry logic in case the refresh fails - don’t just fail the entire batch.
For your Python implementation specifically, you should use a session wrapper that handles token refresh automatically. Create a custom requests.Session subclass that intercepts requests, checks token expiry, refreshes if needed, and retries the request with the new token. This way your bulk import code doesn’t need to worry about token management - it’s handled transparently at the HTTP layer.