# Authorizing API calls in Swagger

## Accessing Swagger

To access the Orchestrator API Swagger, append `/swagger/index.html` to the Orchestrator URL. For example, `{AutomationCloudURL}/{organizationName}/{tenantName}/orchestrator_/swagger/index.html`.

The API you see in Swagger is directly dependent on the Orchestrator instance you use. To easily make requests directly in Swagger, log in to Orchestrator in another tab.

:::note
The Swagger authentication expires according to the parameters set in your Orchestrator instance. By default, it is set to 30 minutes.
:::

## Obtaining an access token

To authorize API calls via the Swagger UI for Orchestrator services, perform the following steps:

1. Look for the **Authorize** button at the top right corner of the Orchestrator API page. If the lock is open, you are unauthorized.

Figure 1. Authorize button

![Authorize button](https://dev-assets.cms.uipath.com/assets/images/orchestrator/orchestrator-authorize-button-219801-2b4397ae-277e2da4.webp)

2. Select **Authorize**. The **Available authorizations** window is displayed.
:::note
We currently support one authorization scheme called OAuth2.
:::

Figure 2. Available authorizations

   ![Screenshot of the Available authorizations window](https://dev-assets.cms.uipath.com/assets/images/orchestrator/orchestrator-screenshot-of-the-available-authorizations-window-219773-82b881ce-ea4e1394.webp)

3. All scopes are preselected so that you can experiment with all endpoints in the Orchestrator API. Clear the scopes you do not need if you want to restrict access to certain APIs.
4. Select **Authorize**. A new window is displayed confirming you have been authorized.
5. Once done, select **Close** or **X** to close the **Available authorizations** window. The **Authorize** button shows a closed lock, meaning you are authorized.

## Sending requests

While authorized, you can make requests on Orchestrator API resources as follows:

1. Expand an Orchestrator API resource with which you want to perform an operation. The closed lock means that you’re authorized.

Figure 3. Unauthorized API resource

   ![Screenshot of the GET/odata/Folders API](https://dev-assets.cms.uipath.com/assets/images/orchestrator/orchestrator-screenshot-of-the-get-odata-folders-api-219805-b1499867-0718e7af.webp)

2. In the expanded method window, select **Try it out**.
3. Specify parameter values if required.
4. Select **Execute**. The request is executed. A bearer authorization header is automatically used for your requests.

Figure 4. Bearer authorization header

   ![Screenshot of a bearer authorization header](https://dev-assets.cms.uipath.com/assets/images/orchestrator/orchestrator-screenshot-of-a-bearer-authorization-header-219781-519c58ab-5f233b92.webp)

## Generating a new access token

When the access token expires, you receive a `401: You are not authenticated!` response. The bearer authorization header is still present for your requests, but the access token is expired. When this happens, you need to invalidate the expired token and generate a new access token:

1. Look for the **Authorize** button at the top right corner of the Orchestrator API page. The lock should be closed.

Figure 5. Authorize button

   ![Authorize button](https://dev-assets.cms.uipath.com/assets/images/orchestrator/orchestrator-authorize-button-220026-0bd71886-c0dfaabf.webp)

2. Select **Authorize** and on the displayed **Available authorizations** page, select **Logout** to revoke the expired token.

Figure 6. Available authorizations

   ![Screenshot of the Available authorizations window](https://dev-assets.cms.uipath.com/assets/images/orchestrator/orchestrator-screenshot-of-the-available-authorizations-window-220151-e525fac5-2323d614.webp)
   
3. Close the **Available authorizations** window by selecting **Close** or **X**, and then obtain an access token as described in the Obtaining an access token section.
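
The following is an added example, not part of the original page or of Orchestrator itself: a local Python check for the bearer token shown in the request header, reporting how long it remains valid and which granted scopes go beyond what the session needs. It assumes the access token is a JWT carrying `exp` and `scope` claims; the function names and the sample scope names are hypothetical.

```python
import base64
import json
import time


def decode_payload(token):
    """Decode the claims of a JWT without verifying its signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT; the token may be opaque")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(body))


def review_token(token, needed, now=None):
    """Report remaining lifetime and scopes granted beyond what the session needs."""
    claims = decode_payload(token)
    now = time.time() if now is None else now
    scope = claims.get("scope", [])
    # Assumption: scopes arrive as a space-delimited string or as a JSON array.
    granted = set(scope.split() if isinstance(scope, str) else scope)
    remaining = int(claims["exp"] - now) if "exp" in claims else None
    return {
        "expired": remaining is not None and remaining <= 0,
        "seconds_left": remaining,
        "excess_scopes": sorted(granted - needed),
        "missing_scopes": sorted(needed - granted),
    }


def _make_sample(claims):
    """Build a constructed, unsigned sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed-signature"


# Constructed sample: scope names and timestamps are placeholders, not real values.
SAMPLE = _make_sample({"exp": 1_700_001_800,
                       "scope": "scope.folders scope.jobs scope.users"})

if __name__ == "__main__":
    # Still valid, but two scopes more than the session needs.
    print(review_token(SAMPLE, {"scope.folders"}, now=1_700_000_000))
    # Past exp: requests sent with this token would get the 401 response.
    print(review_token(SAMPLE, {"scope.folders"}, now=1_700_002_000))
```

Run it locally only: the bearer token is a live credential until it expires or is revoked with **Logout**.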

## Revoking access

When you're done working with the Swagger UI, you should invalidate the access token you've used:

1. Look for the **Authorize** button at the top right corner of the Orchestrator API page. The lock should be closed, meaning you are authorized.
2. Click **Authorize** and on the displayed **Available authorizations** page, click **Logout**.
3. Close the **Available authorizations** window by clicking **Close** or **X**. The **Authorize** button shows an open lock, meaning you are unauthorized.
