orchestrator
2021.10
false
  • Getting started
    • About OData and references
    • Enumerated types
    • Authenticating
    • Building API Requests
    • Permissions per endpoint
    • Response codes
    • Health Check Endpoints
  • Swagger definition
  • Orchestrator APIs
UiPath logo, featuring letters U and I in white
OUT OF SUPPORT

Orchestrator API guide

Last updated Jul 18, 2025

Authenticating

API Authentication ensures only authorized parties can interact with the available resources and perform necessary actions. UiPath offers multiple methods of authentication for different scenarios.

Local User Authentication via a Bearer Token (ROPC authentication)

Important: We support authentication through ROPC for backwards compatibility for Orchestrator instances that have been migrated from standalone to Automation Suite deployments.Only Host administrators should authenticate using the /api/account/authenticate/ endpoint.Business users should authenticate using External Applications.
The resource owner password credentials authentication method is tenant scoped, therefore external application won't be able to authenticate using this method, as an external app cannot be created at tenant level.
  1. To retrieve the access token, make a POST request to the {OrchestratorURL}/api/account/authenticate endpoint with the following payload:
    {
    "TenancyName": "{account_tenancy_name}",
    "UsernameOrEmailAddress": "{account_username}",
    "Password": "{account_password}"
}{
    "TenancyName": "{account_tenancy_name}",
    "UsernameOrEmailAddress": "{account_username}",
    "Password": "{account_password}"
}

    In the above request:

    • {account_tenancy_name}—is the tenant unique identifier in your Automation Suite account
    • {account_username}—is the username of your Automation Suite account
    • {account_password}—is the password used to log in to your Automation Suite account
  2. To find the TenancyName value of your Orchestrator instance, make a GET request to the /odata/Users/UiPath.Server.Configuration.OData.GetCurrentUser endpoint.
    The response body returns the bearer token, used by your application to authorize further API calls. Therefore, in the Authorization header of an API call, append Bearer xxxx and replace xxxx with the {access_token} value (for example, Authorization: Bearer eyJhbG ... LnVxjA).
    {
    "result": "{access_token}",
    "targetUrl": null,
    "success": true,
    "error": null,
    "unAuthorizedRequest": false,
    "__abp": true
}{
    "result": "{access_token}",
    "targetUrl": null,
    "success": true,
    "error": null,
    "unAuthorizedRequest": false,
    "__abp": true
}
    By default, the access token is valid for 30 minutes. To generate a new one, make another call to the api/account/authenticate endpoint.
    Important: If your organization uses the Azure Active Directory model, you must register external applications in Orchestrator and use the OAuth flow.

Accessing Swagger

If you are using Swagger to try our API, just log in to your Orchestrator instance in a separate tab.

The Orchestrator API Swagger definition can be accessed by adding the /swagger/ui/index#/ suffix to your Orchestrator URL. For example, https://{yourDomain} /swagger/ui/index#/.

Domain User Authentication

Important:

API access with Windows Auto-logon (NTLM authentication) has been removed, as indicated in the deprecation timeline.

We recommend that you use the OAuth flow instead, which requires registering external applications in Orchestrator.

If the external application is already registered, refer to Using OAuth for External Apps.

Was this page helpful?

Support and Services
Get The Help You Need
UiPath Academy
Learning RPA - Automation Courses
UiPath Forum
UiPath Community Forum
Uipath Logo
Trust and Security
Terms of Use
Privacy Policy
Cookies Policy
© 2005-2025 UiPath. All rights reserved.