orchestrator
2021.10
false
UiPath logo, featuring letters U and I in white
OUT OF SUPPORT
Orchestrator API Guide
Automation CloudAutomation Cloud Public SectorAutomation SuiteStandalone
Last updated Oct 31, 2024

Authenticating

API Authentication ensures only authorized parties can interact with the available resources and perform necessary actions. UiPath offers multiple methods of authentication for different scenarios.

Local User Authentication via a Bearer Token (ROPC authentication)

Important: We support authentication through ROPC for backwards compatibility for Orchestrator instances that have been migrated from standalone to Automation Suite deployments.Only Host administrators should authenticate using the /api/account/authenticate/ endpoint.Business users should authenticate using External Applications.
The resource owner password credentials authentication method is tenant scoped, therefore external application won't be able to authenticate using this method, as an external app cannot be created at tenant level.
  1. To retrieve the access token, make a POST request to the {OrchestratorURL}/api/account/authenticate endpoint with the following payload:
    {
        "TenancyName": "{account_tenancy_name}",
        "UsernameOrEmailAddress": "{account_username}",
        "Password": "{account_password}"
    }{
        "TenancyName": "{account_tenancy_name}",
        "UsernameOrEmailAddress": "{account_username}",
        "Password": "{account_password}"
    }

    In the above request:

    • {account_tenancy_name}—is the tenant unique identifier in your Automation Suite account
    • {account_username}—is the username of your Automation Suite account
    • {account_password}—is the password used to log in to your Automation Suite account
  2. To find the TenancyName value of your Orchestrator instance, make a GET request to the /odata/Users/UiPath.Server.Configuration.OData.GetCurrentUser endpoint.
    The response body returns the bearer token, used by your application to authorize further API calls. Therefore, in the Authorization header of an API call, append Bearer xxxx and replace xxxx with the {access_token} value (for example, Authorization: Bearer eyJhbG ... LnVxjA).
    {
        "result": "{access_token}",
        "targetUrl": null,
        "success": true,
        "error": null,
        "unAuthorizedRequest": false,
        "__abp": true
    }{
        "result": "{access_token}",
        "targetUrl": null,
        "success": true,
        "error": null,
        "unAuthorizedRequest": false,
        "__abp": true
    }
    By default, the access token is valid for 30 minutes. To generate a new one, make another call to the api/account/authenticate endpoint.
    Important: If your organization uses the Azure Active Directory model, you must register external applications in Orchestrator and use the OAuth flow.

Accessing Swagger

If you are using Swagger to try our API, just log in to your Orchestrator instance in a separate tab.

The Orchestrator API Swagger definition can be accessed by adding the /swagger/ui/index#/ suffix to your Orchestrator URL. For example, https://{yourDomain} /swagger/ui/index#/.
Note: The Swagger authentication expires according to the parameters set in your Orchestrator instance. By default, it is set to 30 minutes. You can change it by modifying the value of the Auth.Cookie.Expire parameter, in the Web.config file.

Domain User Authentication

Important:

API access with Windows Auto-logon (NTLM authentication) has been removed, as indicated in the deprecation timeline.

We recommend that you use the OAuth flow instead, which requires registering external applications in Orchestrator.

If the external application is already registered, refer to .

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.