Automation Cloud - External client - Federated credentials

List federated credentials

Retrieve all federated credentials registered for a specific OAuth external application.

Point de terminaison de l’API

GET
          {accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentialsGET
          {accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials

Paramètres de chemin d'accès

Paramètre	Description
`partitionGlobalId`	The organization global ID.
`clientId`	The ID of the OAuth external application.

Étendues

Nécessite l’une des étendues suivantes :

PM.OAuthApp
PM.OAuthApp.Read

En-têtes de requête.

--header 'Authorization: Bearer {access_token}'--header 'Content-Type: application/json'

Note: To obtain the {access_token}, use an organization administrator token or authenticate through one of the methods described in Authentication methods.

Réponses

200 OK

Returns an array of FederatedCredentialDto objects. Returns an empty array if no credentials are registered.

Exemple de requête

curl --request GET \
  '{accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials' \
  --header 'Authorization: Bearer {access_token}'curl --request GET \
  '{accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials' \
  --header 'Authorization: Bearer {access_token}'

Exemple de réponse

[{"id":"3fa85f64-5717-4562-b3fc-2c963f66afa6","clientId":"1539a53a-e34f-4803-adef-b9cd82f18858",
"name":"GitHub Actions","description":
"Used for GitHub Actions CI/CD pipeline","issuer":
"https://token.actions.githubusercontent.com","audience":"https://cloud.uipath.com/myorg",
"subject":"repo:myorg/myrepo:ref:refs/heads/main",
"createdAt":"2026-03-01T10:00:00Z",
"updatedAt":"2026-03-01T10:00:00Z"}][{"id":"3fa85f64-5717-4562-b3fc-2c963f66afa6","clientId":"1539a53a-e34f-4803-adef-b9cd82f18858",
"name":"GitHub Actions","description":
"Used for GitHub Actions CI/CD pipeline","issuer":
"https://token.actions.githubusercontent.com","audience":"https://cloud.uipath.com/myorg",
"subject":"repo:myorg/myrepo:ref:refs/heads/main",
"createdAt":"2026-03-01T10:00:00Z",
"updatedAt":"2026-03-01T10:00:00Z"}]

Create a federated credential

Create a federated identity credential for a specific OAuth external application.

Note: Each application supports a maximum of 20 federated credentials.

Point de terminaison de l’API

POST
          {accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentialsPOST
          {accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials

Paramètres de chemin d'accès

Paramètre	Description
`partitionGlobalId`	The organization global ID.
`clientId`	The ID of the OAuth external application.

Étendues

Nécessite l’une des étendues suivantes :

PM.OAuthApp
PM.OAuthApp.Write

En-têtes de requête.

--header 'Authorization: Bearer {access_token}'--header 'Content-Type: application/json'--header 'Authorization: Bearer {access_token}'--header 'Content-Type: application/json'

Corps de la requête

{"name":"azure-production-workload","description":"Federated credential for production Azure workload",
"issuer":"https://login.microsoftonline.com/{tenant-id}/v2.0",
"audience":"api://uipath-production","subject":"00000000-0000-0000-0000-000000000000"}{"name":"azure-production-workload","description":"Federated credential for production Azure workload",
"issuer":"https://login.microsoftonline.com/{tenant-id}/v2.0",
"audience":"api://uipath-production","subject":"00000000-0000-0000-0000-000000000000"}

Champ	Requis	Description
`name`	Oui (Yes)	A descriptive name for the credential. Must be unique within the application. Maximum 128 characters.
`description`	Non (No)	Optional context for the credential. Maximum 512 characters.
`issuer`	Oui (Yes)	The HTTPS URI of the external identity provider. Must be reachable at create time.
`audience`	Oui (Yes)	A single string that must appear in the JWT `aud` claim.
`subject`	Oui (Yes)	A value that must exactly match the JWT `sub` claim.

Réponses

201 Créé

Returns the created FederatedCredentialDto object.

400 Requête incorrecte

The request is invalid. Possible causes: name is not unique within the client, issuer is not a valid HTTPS URI, the issuer's JWKS endpoint is unreachable, or the maximum of 20 credentials per application has been reached.

404 Not Found

The specified clientId does not exist or does not belong to the caller's organization.

Exemple de requête

curl --request POST \
  '{accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials' \
  --header 'Authorization: Bearer {access_token}' \
  --header 'Content-Type: application/json' \
  --data '{"name":"GitHub Actions","description":"Used for GitHub Actions CI/CD pipeline","issuer":"https://token.actions.githubusercontent.com","audience":"https://cloud.uipath.com/myorg","subject":"repo:myorg/myrepo:ref:refs/heads/main"}'
curl --request POST \
  '{accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials' \
  --header 'Authorization: Bearer {access_token}' \
  --header 'Content-Type: application/json' \
  --data '{"name":"GitHub Actions","description":"Used for GitHub Actions CI/CD pipeline","issuer":"https://token.actions.githubusercontent.com","audience":"https://cloud.uipath.com/myorg","subject":"repo:myorg/myrepo:ref:refs/heads/main"}'

Exemple de réponse

{"id":"3fa85f64-5717-4562-b3fc-2c963f66afa6","clientId":
"1539a53a-e34f-4803-adef-b9cd82f18858","name":"GitHub Actions","description":
"Used for GitHub Actions CI/CD pipeline","issuer":"https://token.actions.githubusercontent.com","audience":
"https://cloud.uipath.com/myorg","subject":
"repo:myorg/myrepo:ref:refs/heads/main",
"createdAt":"2026-03-01T10:00:00Z","updatedAt":"2026-03-01T10:00:00Z"}{"id":"3fa85f64-5717-4562-b3fc-2c963f66afa6","clientId":
"1539a53a-e34f-4803-adef-b9cd82f18858","name":"GitHub Actions","description":
"Used for GitHub Actions CI/CD pipeline","issuer":"https://token.actions.githubusercontent.com","audience":
"https://cloud.uipath.com/myorg","subject":
"repo:myorg/myrepo:ref:refs/heads/main",
"createdAt":"2026-03-01T10:00:00Z","updatedAt":"2026-03-01T10:00:00Z"}

Get a federated credential

Retrieve a specific federated credential by its ID.

Point de terminaison de l’API

GET
          {accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials/{credentialId}GET
          {accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials/{credentialId}

Paramètres de chemin d'accès

Paramètre	Description
`partitionGlobalId`	The organization global ID.
`clientId`	The ID of the OAuth external application.
`credentialId`	The ID of the federated credential.

Étendues

Nécessite l’une des étendues suivantes :

PM.OAuthApp
PM.OAuthApp.Read

En-têtes de requête.

--header 'Authorization: Bearer {access_token}'--header 'Content-Type: application/json'--header 'Authorization: Bearer {access_token}'--header 'Content-Type: application/json'

Réponses

200 OK

Returns the FederatedCredentialDto object for the requested credential.

404 Not Found

The specified credential or application does not exist in the caller's organization.

Exemple de requête

curl --request GET \
  '{accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials/{credentialId}' \
  --header 'Authorization: Bearer {access_token}'curl --request GET \
  '{accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials/{credentialId}' \
  --header 'Authorization: Bearer {access_token}'

Example response

{"id":"3fa85f64-5717-4562-b3fc-2c963f66afa6","clientId":"1539a53a-e34f-4803-adef-b9cd82f18858",
"name":"GitHub Actions","description":"Used for GitHub Actions CI/CD pipeline",
"issuer":"https://token.actions.githubusercontent.com","audience":
"https://cloud.uipath.com/myorg","subject":"repo:myorg/myrepo:ref:refs/heads/main",
"createdAt":"2026-03-01T10:00:00Z","updatedAt":"2026-03-15T08:30:00Z"}{"id":"3fa85f64-5717-4562-b3fc-2c963f66afa6","clientId":"1539a53a-e34f-4803-adef-b9cd82f18858",
"name":"GitHub Actions","description":"Used for GitHub Actions CI/CD pipeline",
"issuer":"https://token.actions.githubusercontent.com","audience":
"https://cloud.uipath.com/myorg","subject":"repo:myorg/myrepo:ref:refs/heads/main",
"createdAt":"2026-03-01T10:00:00Z","updatedAt":"2026-03-15T08:30:00Z"}

Update a federated credential

Update an existing federated credential. All required fields must be included in the request body.

Point de terminaison de l’API

PUT
          {accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials/{credentialId}PUT
          {accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials/{credentialId}

Paramètres de chemin d'accès

Paramètre	Description
`partitionGlobalId`	The organization global ID.
`clientId`	The ID of the OAuth external application.
`credentialId`	The ID of the federated credential to update.

Étendues

Nécessite l’une des étendues suivantes :

PM.OAuthApp
PM.OAuthApp.Write

En-têtes de requête.

--header 'Authorization: Bearer {access_token}'--header 'Content-Type: application/json'--header 'Authorization: Bearer {access_token}'--header 'Content-Type: application/json'

Corps de la requête

{"name":"azure-production-workload-updated","description":"Updated description","issuer"
:"https://login.microsoftonline.com/{tenant-id}/v2.0","audience":
"api://uipath-production","subject":"00000000-0000-0000-0000-000000000000"}{"name":"azure-production-workload-updated","description":"Updated description","issuer"
:"https://login.microsoftonline.com/{tenant-id}/v2.0","audience":
"api://uipath-production","subject":"00000000-0000-0000-0000-000000000000"}

Champ	Requis	Description
`name`	Oui (Yes)	A descriptive name for the credential. Must be unique within the application. Maximum 128 characters.
`description`	Non (No)	Optional context for the credential. Maximum 512 characters.
`issuer`	Oui (Yes)	The HTTPS URI of the external identity provider. Must be reachable at create time.
`audience`	Oui (Yes)	A single string that must appear in the JWT `aud` claim.
`subject`	Oui (Yes)	A value that must exactly match the JWT `sub` claim.

Réponses

200 OK

Returns the updated FederatedCredentialDto object.

400 Requête incorrecte

Validation failed. Possible causes: duplicate name, invalid issuer URI, or unreachable JWKS endpoint.

Exemple de requête

curl --request PUT \
  '{accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials/{credentialId}' \
  --header 'Authorization: Bearer {access_token}' \
  --header 'Content-Type: application/json' \
  --data '{"name":"GitHub Actions — Production","description":"Production branch deployments only","issuer":"https://token.actions.githubusercontent.com","audience":"https://cloud.uipath.com/myorg","subject":"repo:myorg/myrepo:ref:refs/heads/main"}'
curl --request PUT \
  '{accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials/{credentialId}' \
  --header 'Authorization: Bearer {access_token}' \
  --header 'Content-Type: application/json' \
  --data '{"name":"GitHub Actions — Production","description":"Production branch deployments only","issuer":"https://token.actions.githubusercontent.com","audience":"https://cloud.uipath.com/myorg","subject":"repo:myorg/myrepo:ref:refs/heads/main"}'

Exemple de réponse

{"id":"3fa85f64-5717-4562-b3fc-2c963f66afa6",
"clientId":"1539a53a-e34f-4803-adef-b9cd82f18858","name":"GitHub Actions — Production","description":
"Production branch deployments only","issuer":"https://token.actions.githubusercontent.com",
"audience":"https://cloud.uipath.com/myorg","subject":"repo:myorg/myrepo:ref:refs/heads/main",
"createdAt":"2026-03-01T10:00:00Z","updatedAt":"2026-03-20T14:00:00Z"}{"id":"3fa85f64-5717-4562-b3fc-2c963f66afa6",
"clientId":"1539a53a-e34f-4803-adef-b9cd82f18858","name":"GitHub Actions — Production","description":
"Production branch deployments only","issuer":"https://token.actions.githubusercontent.com",
"audience":"https://cloud.uipath.com/myorg","subject":"repo:myorg/myrepo:ref:refs/heads/main",
"createdAt":"2026-03-01T10:00:00Z","updatedAt":"2026-03-20T14:00:00Z"}

Delete a federated credential

Delete a federated credential. This action is permanent and immediately invalidates any token acquisition using this credential.

Warning: Deletion is permanent. After deletion, the credential can no longer be used to acquire new access tokens. Access tokens already issued before deletion remain valid until they expire.

Point de terminaison de l’API

DELETE
          {accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials/{credentialId}DELETE
          {accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials/{credentialId}

Paramètres de chemin d'accès

Paramètre	Description
`partitionGlobalId`	The organization global ID.
`clientId`	The ID of the OAuth external application.
`credentialId`	The ID of the federated credential to delete.

Étendues

Nécessite l’une des étendues suivantes :

PM.OAuthApp
PM.OAuthApp.Write

En-têtes de requête.

--header 'Authorization: Bearer {access_token}'--header 'Content-Type: application/json'

Réponses

204 Aucun contenu

The federated credential was deleted successfully. The response body is empty.

404 Not Found

The specified credential or application does not exist in the caller's organization.

Exemple de requête

curl --request DELETE \
  '{accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials/{credentialId}' \
  --header 'Authorization: Bearer {access_token}'curl --request DELETE \
  '{accessURL}/identity_/api/ExternalClient/{partitionGlobalId}/{clientId}/FederatedCredentials/{credentialId}' \
  --header 'Authorization: Bearer {access_token}'

Acquire a token using a federated credential

Exchange a JWT from your external identity provider for a UiPath access token.

Point de terminaison de l’API

POST {accessURL}/identity_/connect/token

Request headers

--header 'Content-Type: application/x-www-form-urlencoded'

Request body

grant_type=client_credentials
&client_id={client_id}&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
&client_assertion={jwt_token}&scope={requested_scopes}grant_type=client_credentials
&client_id={client_id}&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
&client_assertion={jwt_token}&scope={requested_scopes}

Paramètre	Description
`grant_type`	Must be `client_credentials`.
`client_id`	The client ID of the registered OAuth external application.
`client_assertion_type`	Must be `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`.
`client_assertion`	The JWT issued by your external identity provider.
`scope`	The OAuth scopes requested for the access token.

Réponses

200 OK

Returns an access token object. Use the access_token value in the Authorization: Bearer header of subsequent API calls.

400 Requête incorrecte

Token acquisition failed. Possible causes: JWT signature invalid, issuer or audience mismatch, subject mismatch, expired JWT, or JWT exceeds 8 KB.

Schemas

FederatedCredentialDto

The object returned by GET, POST, and PUT operations.

Propriété	Saisie de texte	Nullable	Description
`id`	string (uuid)	Non (No)	The unique identifier of the federated credential.
`clientId`	string	Oui (Yes)	The application ID of the OAuth external application this credential belongs to.
`name`	string	Oui (Yes)	The display name of the federated credential.
`description`	string	Oui (Yes)	The description of the federated credential.
`issuer`	string	Oui (Yes)	The URL of the external identity provider.
`audience`	string	Oui (Yes)	The expected `aud` claim value in the JWT.
`subject`	string	Oui (Yes)	The expected `sub` claim value in the JWT.
`createdAt`	string (date-time)	Non (No)	The UTC timestamp when the credential was created.
`updatedAt`	string (date-time)	Non (No)	The UTC timestamp when the credential was last updated.

Guide d'administration d'Automation Cloud

External client - Federated credentials

List federated credentials

Point de terminaison de l’API

Étendues

En-têtes de requête.

200 OK

Create a federated credential

Point de terminaison de l’API

Étendues

201 Créé

400 Requête incorrecte

404 Not Found

Get a federated credential

Point de terminaison de l’API

Étendues

200 OK

404 Not Found

Update a federated credential

Point de terminaison de l’API

Étendues

200 OK

400 Requête incorrecte

Delete a federated credential

Point de terminaison de l’API

Étendues

204 Aucun contenu

404 Not Found

Acquire a token using a federated credential

Point de terminaison de l’API

200 OK

400 Requête incorrecte

FederatedCredentialDto

Cette page vous a-t-elle été utile ?