orchestrator

2022.4

false

Getting started
- About OData and references
- Enumerated types
- Authenticating
- Building API Requests
- Permissions per endpoint
- Response codes
- Health Check Endpoints
Authentication
- Authentication methods
- External Applications (OAuth)
- ROPC (not recommended)
Swagger definition
- Read me
- Authorizing API calls in Swagger
- Managing logical resources
Orchestrator APIs
- Alerts requests
- Assets Requests
- Calendars requests
- Environments requests
- Folders requests
- Generic Tasks requests
- Jobs requests
- Libraries requests
- License requests
- Packages requests
- Permissions Requests
- Processes requests
- Queue Items requests
- Robots requests
- Roles requests
- Schedules requests
- Settings requests
- Tasks requests
- Task Catalogs requests
- Task Forms requests
- Tenants Requests
- Transactions requests
- Users requests
- Webhooks requests
Platform Management APIs
- Getting started
  - About this guide
  - Available resources
  - API endpoint URL structure
  - Enumeration List
- Scopes and permissions
  - About scopes and permissions
  - Platform Management scopes and permissions
- Platform Management APIs
  - Audit Logs
    - Get Audit Logs
    - Download Audit Logs
  - Groups
    - Get All Groups
    - Get Specific Group
    - Delete Specific Group
    - Create a New Local Group
    - Update Group
  - Robot Account
    - Get All Robot Accounts
    - Delete Robot Accounts
    - Get Specific Robot Account
    - Delete Specific Robot Account
    - Create a New Robot Account
    - Update Robot Account
  - User
    - Update User
    - Delete Specific User
    - Delete Users
  - Settings
    - Get Settings
    - Update Settings
  - Message Template
    - Get Message Template
    - Update a Message Template
    - Get Message Template by Name

OUT OF SUPPORT

Orchestrator API guide

DELIVERY:

Last updated Dec 16, 2025

ROPC (not recommended)

Important:

Only host administrators should authenticate using the /api/account/authenticate/ endpoint.

Business users should authenticate using external applications.

To retrieve the access token, make a POST request to the /api/account/authenticate endpoint with the following payload:

{
    "TenancyName": "{account_tenant_name}",
    "UsernameOrEmailAddress": "{account_username}",
    "Password": "{account_password}"
}{
    "TenancyName": "{account_tenant_name}",
    "UsernameOrEmailAddress": "{account_username}",
    "Password": "{account_password}"
}

Where:

{account_tenant_name} - is the name of the tenant in your Automation Suite account
{account_username} - is the username of your Automation Suite account
{account_password} - is the password used to log in to your Automation Suite account

Tip:

To find the TenancyName value of your Orchestrator instance, make a GET request to the /odata/Users/UiPath.Server.Configuration.OData.GetCurrentUser.

The response body returns the bearer token, used by your application to authorize further API calls. Therefore, in the Authorization header of an API call, append Bearer xxxx and replace xxxx with the {access_token} value (for example, Authorization: Bearer eyJhbG ... LnVxjA).

{
    "result": "{access_token}",
    "targetUrl": null,
    "success": true,
    "error": null,
    "unAuthorizedRequest": false,
    "__abp": true
}{
    "result": "{access_token}",
    "targetUrl": null,
    "success": true,
    "error": null,
    "unAuthorizedRequest": false,
    "__abp": true
}

Important:

By default, the access token is valid for 30 minutes. To generate a new one, make another call to the api/account/authenticate endpoint.

Was this page helpful?

PREVIOUSExternal Applications (OAuth)

NEXTRead me