Orchestrator
2021.10
false
Banner background image
Orchestrator API Guide
Last updated Nov 10, 2023

Authenticating

Local User Authentication via a Bearer Token (ROPC authentication)

Important: We support authentication through ROPC for backwards compatibility for Orchestrator instances that have been migrated from standalone to Automation Suite deployments.Only Host administrators should authenticate using the /api/account/authenticate/ endpoint.Business users should authenticate using External Applications.
The resource owner password credentials authentication method is tenant scoped, therefore external application won't be able to authenticate using this method, as an external app cannot be created at tenant level.
  1. To retrieve the access token, make a POST request to the {OrchestratorURL}/api/account/authenticate endpoint with the following payload:
    {
    "TenancyName": "{account_tenancy_name}",
    "UsernameOrEmailAddress": "{account_username}",
    "Password": "{account_password}"
}{
    "TenancyName": "{account_tenancy_name}",
    "UsernameOrEmailAddress": "{account_username}",
    "Password": "{account_password}"
}

    In the above request:

    • {account_tenancy_name}—is the tenant unique identifier in your Automation Suite account
    • {account_username}—is the username of your Automation Suite account
    • {account_password}—is the password used to log in to your Automation Suite account
  2. To find the TenancyName value of your Orchestrator instance, make a GET request to the /odata/Users/UiPath.Server.Configuration.OData.GetCurrentUser endpoint.
    The response body returns the bearer token, used by your application to authorize further API calls. Therefore, in the Authorization header of an API call, append Bearer xxxx and replace xxxx with the {access_token} value (for example, Authorization: Bearer eyJhbG ... LnVxjA).
    {
    "result": "{access_token}",
    "targetUrl": null,
    "success": true,
    "error": null,
    "unAuthorizedRequest": false,
    "__abp": true
}{
    "result": "{access_token}",
    "targetUrl": null,
    "success": true,
    "error": null,
    "unAuthorizedRequest": false,
    "__abp": true
}
    By default, the access token is valid for 30 minutes. To generate a new one, make another call to the api/account/authenticate endpoint.
    Important: If your organization uses the Azure Active Directory model, you must register external applications in Orchestrator and use the OAuth flow.

Swagger

If you are using Swagger to try our API, just log in to your Orchestrator instance in a separate tab.

The Orchestrator API Swagger definition can be accessed by adding the /swagger/ui/index#/ suffix to your Orchestrator URL. For example, https://myOrchestrator.com/swagger/ui/index#/.
Note: The Swagger authentication expires according to the parameters set in your Orchestrator instance. By default, it is set to 30 minutes. You can change it by modifying the value of the Auth.Cookie.Expire parameter, in the Web.config file.

Domain User Authentication

Important:

API access with Windows Auto-logon (NTLM authentication) has been removed, as indicated in the deprecation timeline.

We recommend that you use the OAuth flow instead, which requires registering external applications in Orchestrator.

If the external application is already registered, see Using OAuth for External Apps.

Was this page helpful?

Support and Services
Get The Help You Need
UiPath Academy
Learning RPA - Automation Courses
UiPath Forum
UiPath Community Forum
Uipath Logo White
Trust and Security
Terms of Use
Privacy Policy
Cookies Policy
© 2005-2024 UiPath. All rights reserved.