I believe that what makes it confusing by comparing to other APIs is that :
-There are too many tokens, half of the tasks are done with Bearer Access Token and Bearer ID Token.
-You need to heal that every day with a refresh token
-The documentation and forum posts mix different methods
Suggestions: improve naming conventions, remove documentation that leads to paths that will not work anymore, reduce the number of tokens, if possible remove that refresh token.
If security is a concern why not using 2-factor authentication?
I insisted a little bit and now I got into a new problem, ALL requests except regenerate tokens are dead again aka "it says authentication failed, I am getting variations of these responses despite generating multiple Bearer ID and access tokens with the refresh code:
"message": "You are not authenticated!",
"details": "You should be authenticated (sign in) in order to perform this operation
So, basically after trying this step it broke all of my authentication chain for all postman API mockups : 1-Discovering UI PAth Account
2-Getting Service Instance Logical Name
3-Making Orchestrator API Calls
4-Get Jobs Started by Robots
5-Retrieving Robot ID
6-Get Jobs Started by Robot Name
7-Retrieveing Robot ID
8-Retrieving Robot Information According to ID
9-Get Releases Get All
10-Get Jobs - Get
11- Jobs - Stat job with inputs
Hello, if anyone is using Node.js, I’d appreciate some feedback on the experimental support of Cloud Platform OAuth added a couple of weeks back (see the mention of refreshToken in the readme):
There is also a tools folder to get the refresh token without too much pain.
I fixed it.
The problem occurred when I downloaded the postman collection template from UiPath and somehow it affected a “production” collection I am using for my project. I erased all pre-defined settings then it works now
This is interesting @qbrandon
I’m trying to build a automated Ci/CD pipeline for API monitoring using Postman’s automated runner (Newman) that doesn’t involve any external application but just pure Postman Collections, to make sure we separate the API from any existing code. Any ideas on that is achievable?
Do we really need a refresh token? so far I have these other API’s in my web application:
Hello, not a heavy user of POSTMAN myself, so I do not know any specific limitation…
Do we really need a refresh token?
Many public services provide the option of using API keys as authentication mechanism to simplify the process. However, with the Cloud Platform, we are in essence exposing an identity management platform on top of our SaaS (at this point basically Orchestrator)
We have plans to offer the possibility of provisioning API key style credentials in Orchestrator to cover similar use cases, but for now only the complete user authentication flow between the Cloud Platform and Orchestrator is necessary, hence the arguably heavy OAuth dance with refresh tokens and access tokens.
I didn’t test it myself, but it could already make it simpler.
As to the auto-refresh, I had an Azure LogicApp process that adds queue items to Orchestrator via API and I simply made another process that refreshes my access_token with the refresh_token. If you have a way to run an automated (time scheduled) query with Postman, then that would be the way to go.
i am able to call all the api given there but now, question is now i want to run the process or bot the robot through api.
May i know how to proceed further from here, because for every api i am getting unauthorized error even after using the access token.
Please help.
Regards,
Manish Jawla
Hi Loginerror,
I am done with the above api calls, they are working fine thanks for all the assistance but may i know further procedure to call the rest of the api for trigger the process?
Regards,
Manish Jawla