Have you looked into these things: 1) App administration on the HR modules, and therefore 2) RCA / Caller access restrictions on tables and scripts, and 3) COE Security configurations.  HRSD is by default 'secured' so that you cannot just use a REST call to get to table data.   In fact, even within the ServiceNow platform, these security restrictions even prevent internal apps from getting to data, depending on their scopes and caller access restriction settings.