Employer Service API Program Authentication Process

Equifax security mandates that all API transfers with external clients/vendors must use OAuth 2.0 and a JWT token authentication.

OAuth 2.0
Equifax requires all API operations to utilize OAuth 2.0 for authentication. This method of authentication requires a unique client id and secret. If you wish to learn more about OAuth 2.0, you can learn about it here.

JWT for Authentication
JSON Web Token (JWT) is a compact token format used for authorization. A provided set of credentials for OAuth 2.0 is used to call a URL. This then returns a JWT token, which is valid for a short period of time and can be used to authenticate all other calls in that time frame. When your token expires, you will need to make a call to get a fresh one.

Setup Process (High Level)
The following high level steps are necessary to utilize your integration:

1. Download the Equifax key from the links provided below.
2. Import each X509 public key into your HCM system and configure as stated in your provided configuration guide.

General Guidelines

1. These keys should not be shared publicly or openly in any form
2. You should only have one token in use at a time

For further details on configuring client certificates, please refer to the partner configuration guide provided by your implementation team.

Download Public Key
EFX_PRD_Workday_Public_X509_Key - Expires Friday, 2/27/2026, 11:59 PM ET
EFX_UAT_Workday_Public_X509_Key - Expires Friday, 2/27/2026, 11:59 PM ET