Automation Suite
2022.10
false
Authentication - Automation Suite 2022.10
Banner background image
logo
Automation Suite API Guide
Last updated Nov 22, 2023

Authentication

Authentication Vs Authorization

Automation Suite APIs require your application to send an authentication token with each request. The token lets the server verify your identity.

To access the resources of Automation Suite, you need to authenticate your application either by:

  • registering your application, thus generating a client ID and a client secret used to retrieve an authorization token,
  • providing the resource owner credentials in the request body of the authentication endpoint
    Important: Use the above authentication method only if the application accessing the resources is highly-trusted.
After a successful authentication, you need to be authorized (i.e., have the right permissions) to access specific resources. You grant your application access through the APIs Authorization header.

ROPC Authentication

Important:

We support authentication through ROPC for backwards compatibility for Orchestrator instances that have been migrated from standalone to Automation Suite deployments.

Only Host administrators should authenticate using the /api/account/authenticate/ endpoint.

Business users should authenticate using External Applications.

The resource owner password credentials authentication method is tenant scoped, therefore external application won't be able to authenticate using this method, as an external app cannot be created at tenant level.

To retrieve the access token, make a POST request to the BaseURL/[OrgName]/[TenantName]/api/account/authenticate endpoint with the following payload:
{
    "TenancyName": "{account_tenant_name}",
    "UsernameOrEmailAddress": "{account_username}",
    "Password": "{account_password}"
}{
    "TenancyName": "{account_tenant_name}",
    "UsernameOrEmailAddress": "{account_username}",
    "Password": "{account_password}"
}

In the above request:

  • {account_tenant_name}—is the name of the tenant in your Automation Suite account
  • {account_username}—is the username of your Automation Suite account
  • {account_password}—is the password used to log in to your Automation Suite account
Tip:

To find the TenancyName value of your Orchestrator instance, make a GET request to the /odata/Users/UiPath.Server.Configuration.OData.GetCurrentUser.

The response body returns the bearer token, used by your application to authorize further API calls. Therefore, in the Authorization header of an API call, append Bearer xxxx and replace xxxx with the {access_token} value (for example, Authorization: Bearer eyJhbG ... LnVxjA).
{
    "result": "{access_token}",
    "targetUrl": null,
    "success": true,
    "error": null,
    "unAuthorizedRequest": false,
    "__abp": true
}{
    "result": "{access_token}",
    "targetUrl": null,
    "success": true,
    "error": null,
    "unAuthorizedRequest": false,
    "__abp": true
}
Important:
  • Authentication Vs Authorization
  • ROPC Authentication
Support and Services icon
Get The Help You Need
UiPath Academy icon
Learning RPA - Automation Courses
UiPath Forum icon
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.