API call to /odata/HostLicenses - "You are not authorized!"

I’m trying to reach the endpoint “/odata/HostLicenses”, but I keep being met with the message “You are not authorized!” with errorCode 0.

I have created an external application which I have given access to the application scope “OR.Administration” as required. With the app secret and api key, I’ve retrieved a bearer token from the endpoint “/connect/token”, which I then use in the API call to “/odata/HostLicenses”.

Anyone who has had a similar problem and found a solution?

Hi @Frederik_Wrist_Krogh
As per the Swagger documentation your permissions seem to be correct.
Can you try running the API from Swagger directly since you have everything set and check if you are getting the same issue here as well?
https://cloud.uipath.com/<org_ID>/<tenant_name>/orchestrator_/swagger/index.html#/HostLicenses/HostLicenses_Get

If you are still facing issues, then maybe try tweaking some permissions of your external application.

Thanks,
Nishant

Yeah, its tricky to set up. Lets start at the beginning.
Show us a screenshot of your external app setup on the orchestrator, redact the application ID as you choose but please leave the scopes visible.

I’ve given the required permission to Administration/aAdministration.read, and then I’ve tried giving access to a few other scopes, quite randomly, in the hope of hitting the lucky one.

ExternalApp4

(New user, so I can only send one embedded image pr reply. Hence the many replies)

Ye, response is the same when trying directly from Swagger

Hi @Frederik_Wrist_Krogh,
Please check the below points

  1. “/odata/HostLicenses” works for Host Tenant in Onpremise Stand-alone Orchestrator.
  2. Swagger works only for the orchestrator instance (orchestrator tenant) you kept open in your bowser tab.
  3. Host tenant in Onpremise orchestrator do not have External Apps section. You will have to use Local User Authentication via a Bearer Token (ROPC authentication) with Host Administrator credentials.
  4. Use the above token with Get API “https://orch-url/odata/HostLicenses” and it will return the results.

Assuming you are using Orchestrator onpremise,
Swagger

  1. Open the Host tenant with Admin user in one browser tab,

image

  1. Open the swagger with “https://orch-url/swagger/index.html” on another tab

image

  1. Execute the Get HostLicenses API and you should see the license details

image

Postman

  1. If you are using self-signed SSL certificate with orchestrator, disable the SSL certificate check in postman

image

  1. Use the “api/account/authenticate” to generate the token as mentioned here : Authenticating (uipath.com)

API : POST https://orch-url/api/account/authenticate
Body:
{
“TenancyName”: “{account_tenancy_name}”,
“UsernameOrEmailAddress”: “{account_username}”,
“Password”: “{account_password}”
}

Eg:
{
“TenancyName”: “Host”,
“UsernameOrEmailAddress”: “admin”,
“Password”: “Host@123”
}

You should get a successful response with bearer token valid for 30 mnts.

image

  1. Copy the token from above and use it as a header in further APIs

Header name : Authorization
Header value : Bearer {{token}}

API : GET https://orch-url/odata/HostLicenses

You should get a successful response as shown below

image

I haven’t checked this on Automation Suite so not sure how it works there. Let me know if this is helpful. :slight_smile:

I’ve tried retrieving the bearer token, but I am met with this response:


I’m certain the info passed in the body is correct.

This is the account that I’m trying to retrieve the token with - As you can see it has Administrator rights:

Even when trying to execute the request through swagger, I’m met with this response:
billede

Any ideas? :sweat_smile: