UiPath Documentation
orchestrator
2022.10
false
  • Getting started
    • About OData and references
    • Enumerated types
    • Authenticating
    • Building API Requests
    • Permissions per endpoint
    • Response codes
    • Health Check Endpoints
  • Authentication
    • Authentication methods
    • External Applications (OAuth)
    • ROPC (not recommended)
  • Swagger definition
    • Read me
    • Authorizing API calls in Swagger
    • Managing logical resources
  • Orchestrator APIs
    • Alerts requests
    • Assets requests
    • Calendars requests
    • Environments requests
    • Folders requests
    • Generic Tasks requests
    • Jobs requests
    • Libraries requests
    • License requests
    • Packages requests
    • Permissions requests
    • Personal workspaces requests
    • Processes requests
    • Queue Items requests
    • Robots requests
    • Roles requests
    • Schedules requests
    • Settings requests
    • Tasks requests
    • Task Catalogs requests
    • Task Forms requests
    • Tenants Requests
    • Transactions requests
    • Users requests
    • Webhooks requests
  • Platform Management APIs
    • Getting started
      • About this guide
      • Available resources
      • API endpoint URL structure
      • Enumeration List
    • Scopes and permissions
      • About scopes and permissions
      • Platform Management scopes and permissions
    • Platform Management APIs
      • Audit Logs
        • Get Audit Logs
        • Download Audit Logs
      • Groups
        • Get All Groups
        • Get Specific Group
        • Delete Specific Group
        • Create a New Local Group
        • Update Group
      • Robot Account
        • Get All Robot Accounts
        • Delete Robot Accounts
        • Get Specific Robot Account
        • Delete Specific Robot Account
        • Create a New Robot Account
        • Update Robot Account
      • User
        • Update User
        • Delete Specific User
        • Delete Users
      • Settings
        • Get Settings
        • Update Settings
      • Message Template
        • Get Message Template
        • Update a Message Template
        • Get Message Template by Name
UiPath logo, featuring letters U and I in white
OUT OF SUPPORT

Orchestrator API guide

Last updated Dec 16, 2025

Authorizing API calls in Swagger

Accessing Swagger

To access the Orchestrator API Swagger, append /swagger/index.html to the Orchestrator URL. For example, https://{yourDomain}/swagger/index.html.

The API you see in Swagger is directly dependent on the Orchestrator instance you use. To easily make requests directly in Swagger, log in to Orchestrator in another tab.

Obtaining an Access Token

To authorize API calls via the Swagger UI in your Orchestrator instance, perform the following steps:

  1. Look for the Authorize button at the top right corner of the Orchestrator API page (OrchestratorURL/swagger). If the lock is open, you are unauthorized.


  2. Click Authorize. The Available authorizations window is displayed.
    Note: We currently support one authorization scheme called OAuth2.


  3. All scopes are preselected such that you can experiment with all endpoints in the Orchestrator API. Clear them if you want to restrict access to certain APIs.
  4. Click Authorize. A new window is displayed confirming you have been authorized.
  5. Once done, click Close or X to close the Available authorizations window. The Authorize button shows an closed lock meaning you are authorized.

Sending requests

While authorized, you can make requests on Orchestrator API resources as follows:

  1. Expand an Orchestrator API resource with which you want to perform an operation. The closed lock means that you’re authorized.
    Figure 1. Unauthorized API resource

  2. In the expanded method window, select Try it out.
  3. Specify parameter values if required.
  4. Select Execute. The request is executed. A bearer authorization header is automatically used for your requests.
    Figure 2. Bearer authorization header

Generating a New Access Token

When the access token expires you receive a 401: You are not authenticated! response. The bearer authorization header is still present for your requests, but the access token is expired. When this happens, you need to invalidate the expired token and generate a new access token:
  1. Look for the Authorize button at the top right corner of the Orchestrator API page (OrchestratorURL/swagger). The lock should be closed.


  2. Click Authorize and on the displayed Available authorizations page, click Logout to revoke the expired token.


  3. Close the Available authorizations window by clicking Close or X and then obtain an access token as described on the Obtaining an access token section.

Revoking Access

When you're done working with the Swagger UI, you should invalidate the access token you've used:

  1. Look for the Authorize button at the top right corner of the Orchestrator API page (OrchestratorURL/swagger). The lock should be closed, meaning you are authorized.
  2. Click Authorize and on the displayed Available authorizations page, click Logout.
  3. Close the Available authorizations window by clicking Close or X. The Authorize button shows an open lock meaning you are unauthorized.

Was this page helpful?

Connect

Need help? Support

Want to learn? UiPath Academy

Have questions? UiPath Forum

Stay updated