Get Tenant ID to License Consumption "You are not authorized!"

Help Orchestrator
1

Hi everyone,

I’m trying to retrieve license consumption statistics using the following endpoint:

GET /api/Stats/GetConsumptionLicenseStats

However, this endpoint requires the Tenant ID (either the logical name or ID), which I’m attempting to obtain via:

GET /odata/Tenants

The issue is that whenever I call this endpoint, I receive the following error:

{
	"message": "You are not authorized!",
	"errorCode": 0,
	"result": null,
	"targetUrl": null,
	"success": false,
	"error": {
		"code": 0,
		"message": "You are not authorized!",
		"details": "You are not allowed to perform this operation.",
		"validationErrors": null
	},
	"unAuthorizedRequest": true,
	"__abp": true
}

I’m using an access token obtained through the Client Credentials flow with the OR.Administration scope already included, and I can successfully authenticate and access other endpoints. The problem seems specific to /odata/Tenants.

My questions:

  • Does anyone know how to grant the correct permissions for this type of access via API?
  • Do I need to enable something specific for the external application or the associated identity?
  • How can I get the Tenant ID without using the API?
  • Is there any other way to retrieve license consumption statistics via API?

Any help would be greatly appreciated — thanks in advance!

2

@luca.plein

When you go to admin page and select tenant the last value in url is your tenant key and id would be the tid in your url when you open orchestrator

Cheers

3

Thanks a lot, @Anil_G, that was helpful! :folded_hands:

I was able to identify the tenant key and the tid from the URL as you explained.

However, when I try to use the tenant ID in the endpoint:

GET /api/Stats/GetConsumptionLicenseStats

I still receive a “You are not authorized” error.

I’m using a token obtained via Client Credentials flow with the OR.Administration scope. Other endpoints work fine, but this one seems to require something more.

Do I need to assign specific permissions or roles to the machine identity or the external application to access license statistics?

Thanks again for your help!

4

@luca.plein

Glad it helped

now coming to scope you need monitoring

Screenshot 2025-06-10 at 6.59.50 PM
Screenshot 2025-06-10 at 6.59.50 PM1396×360 24.3 KB

cheers

5

i’m using this scope too

{
“message”: “You are not authorized to perform this action!”,
“errorCode”: 0,
“traceId”: “00-6c399d93f93bd8e84065f68ce375b48b-5f2ab5dd2cbf8f88-00”
}

6

Hi @luca.plein

can you please show the full url that you are using to get the stats?

7

@luca.plein

did you try in swagger first? that will give the exact curl

also make sure you give tenant ID and days as well

Screenshot 2025-06-10 at 7.29.21 PM
Screenshot 2025-06-10 at 7.29.21 PM1148×1738 120 KB

but as per error looks like the scope issue did you geenrate new token after scope update and the scope addition is saved?

cheers

8

@luca.plein

Can you please configure url like below and give a try?

https://cloud.uipath.com/{organization name}/{tenant name}/orchestrator_/api/Stats/GetLicenseStats?days=7&tenantId={tenantId}

or try below URL, it gives the status of all licenses..

https://cloud.uipath.com/{organization name}/{tenant name}/orchestrator_/odata/Settings/UiPath.Server.Configuration.OData.GetLicense

10

image
image1539×398 19.6 KB

the response is empty

11

https://cloud.uipath.com/{organization name}/{tenant name}/orchestrator_/api/Stats/GetLicenseStats?days=7&tenantId={tenantId}

Give the response

Response body

and

https://cloud.uipath.com/{organization name}/{tenant name}/orchestrator_/odata/Settings/UiPath.Server.Configuration.OData.GetLicense

{
“message”: “You are not authorized!”,
“errorCode”: 0,
“result”: null,
“targetUrl”: null,
“success”: false,
“error”: {
“code”: 0,
“message”: “You are not authorized!”,
“details”: “You are not allowed to perform this operation.”,
“validationErrors”: null
},
“unAuthorizedRequest”: true,
“__abp”: true
}

12

hi @luca.plein

Can you please show how are you trying to hit this endpoint url?

using studio or postman?

can you please show your configuration on how you are getting access token and using that to hit this request?

also, can you please show from app registration what your scope looks like?

13

i get token using https://cloud.uipath.com/identity_/connect/token to get token with client_id
client_secret and scope

I using the Insomnia

image
image2030×1317 259 KB

endpont https://cloud.uipath.com/bestit/BESTITDefault/orchestrator_/api/Stats/GetConsumptionLicenseStats?tenantId=1069665&days=1
with Authorization = Bearer + token

14

Hi @luca.plein

Please correct your scope.

Its invalid at the moment thats why you are getting unauthorized error.

either keep
or.administration

or
or.administration.read and or.administration.write

selecting all 3 scopes results in error.

Also, redirect url is not needed when you are using application scope so you can delete that one as well.

15

image
image3347×1254 374 KB

still not authorized
sry i forgot someting?

16

@luca.plein

after changing the scope in external application, did you also copy it again and paste the updated scope in insomnia to get a new access token?

please ensure below:

  1. change the scope in external application and save.
  2. copy the updated scope from external application and paste in insomnia to get a new access token
  3. copy new access token and replace in your license endpoint call
  4. then hit the endpoint request
17

image
image1005×967 19.4 KB

the scope in insomnia have juste these

18

@luca.plein

can you hit folder api or any other api call from orchestrator and confirm you are getting response?

19

image
image1381×610 48.8 KB

yes i’m getting response

20

@luca.plein

could you please confirm you replaced organization name, tenant name and tenantId in this query that I sent and then tried?

21

i do, but te response is empty

image
image1253×452 21 KB