API Calls, Orchestrator & Security

Hi everyone,

I have a security question which I find hard to believe that there is no option for it.

When performing various API Calls to the Orchestrator platform (on premise) how can I make sure that the username & password I have to provide in the POST request can be encrypted / hashed?

What I’d like to do is hash+salt the credentials in my application / plugin or whatever (C#/.Net/VBA doesnt matter) and get a Bearer token with these hashed or encrypted credentials.

So far I can only authenticate with providing the credentials as plain text which is pretty bad. Automatic AD authentication is similarly awful.

Is it not possible for the MSSQL database to compare credentials against a hashed value? If that is possible I could hash my credentials, provide the hashed value in a JSON String with the POST request to the platform and authenticate this way.

Can I encrypt my credentials via AES_CBC_256 and provide them this way in my HTTPRequest?

There must be a security option to avoid security plain text in code I am not seeing.

Does anyone have a clue on this?

Thanks in advance.


Hello @TastyToast!

It seems that you have trouble getting an answer to your question in the first 24 hours.
Let us give you a few hints and helpful links.

First, make sure you browsed through our Forum FAQ Beginner’s Guide. It will teach you what should be included in your topic.

You can check out some of our resources directly, see below:

  1. Always search first. It is the best way to quickly find your answer. Check out the image icon for that.
    Clicking the options button will let you set more specific topic search filters, i.e. only the ones with a solution.

  2. Topic that contains most common solutions with example project files can be found here.

  3. Read our official documentation where you can find a lot of information and instructions about each of our products:

  4. Watch the videos on our official YouTube channel for more visual tutorials.

  5. Meet us and our users on our Community Slack and ask your question there.

Hopefully this will let you easily find the solution/information you need. Once you have it, we would be happy if you could share your findings here and mark it as a solution. This will help other users find it in the future.

Thank you for helping us build our UiPath Community!

Cheers from your friendly

Hi I am facing same issue, Did you man to solve the issue?

Hey @TastyToast @Kayobot

Currently you can use username and password in the post request body.


Using username and password is not an option as it is security issue.

Hey @Kayobot

Currently that’s how it is may be you need to check with cloud orchestrator once as it uses client credentials for authentication with OAuth!