API Calls, Orchestrator & Security

TastyToast · April 29, 2021, 7:58am

Hi everyone,

I have a security question which I find hard to believe that there is no option for it.

When performing various API Calls to the Orchestrator platform (on premise) how can I make sure that the username & password I have to provide in the POST request can be encrypted / hashed?

What I’d like to do is hash+salt the credentials in my application / plugin or whatever (C#/.Net/VBA doesnt matter) and get a Bearer token with these hashed or encrypted credentials.

So far I can only authenticate with providing the credentials as plain text which is pretty bad. Automatic AD authentication is similarly awful.

Is it not possible for the MSSQL database to compare credentials against a hashed value? If that is possible I could hash my credentials, provide the hashed value in a JSON String with the POST request to the platform and authenticate this way.

Can I encrypt my credentials via AES_CBC_256 and provide them this way in my HTTPRequest?

There must be a security option to avoid security plain text in code I am not seeing.

Does anyone have a clue on this?

Thanks in advance.

system · May 1, 2021, 4:00pm

Hello @TastyToast!

It seems that you have trouble getting an answer to your question in the first 24 hours.
Let us give you a few hints and helpful links.

First, make sure you browsed through our Forum FAQ Beginner’s Guide. It will teach you what should be included in your topic.

You can check out some of our resources directly, see below:

Always search first. It is the best way to quickly find your answer. Check out the icon for that.
Clicking the options button will let you set more specific topic search filters, i.e. only the ones with a solution.
Topic that contains most common solutions with example project files can be found here.
Read our official documentation where you can find a lot of information and instructions about each of our products:
Watch the videos on our official YouTube channel for more visual tutorials.
Meet us and our users on our Community Slack and ask your question there.

Hopefully this will let you easily find the solution/information you need. Once you have it, we would be happy if you could share your findings here and mark it as a solution. This will help other users find it in the future.

Thank you for helping us build our UiPath Community!

Cheers from your friendly
Forum_Staff

Kayobot · May 8, 2022, 10:51am

Hi I am facing same issue, Did you man to solve the issue?

Nithinkrishna · May 8, 2022, 5:31pm

Hey @TastyToast @Kayobot

Currently you can use username and password in the post request body.

Thanks
#nK

Kayobot · May 12, 2022, 1:14am

Using username and password is not an option as it is security issue.

Nithinkrishna · May 12, 2022, 2:09am

Hey @Kayobot

Currently that’s how it is may be you need to check with cloud orchestrator once as it uses client credentials for authentication with OAuth!

Thanks
#nK

Topic		Replies	Views
Orchestrator API authentication with securestring Activities uiautomation , question	3	957	October 3, 2020
Orchestrator installation orchestrator	5	2570	January 25, 2017
Decrypt asset values in Orchestrator database Orchestrator orchestrator , question	3	787	February 24, 2023
How to authenticate orchestrator api using windows credentials Help orchestrator	30	14815	September 7, 2021
Orchestrator API Authentication Help orchestrator , api	3	6378	October 29, 2018

Most Active Users - Yesterday
ashokkarale
MD_Farhan1
Ajay_Mishra
postwick
Dheerendra_vishwakarma
Anil_G
chandreshsinh.jadeja
Gautham_Pattabiraman
vrdabberu
aravindbalineni123
More details...

API Calls, Orchestrator & Security

Related Topics