Hi All, I have been dealing with this issue where I am able to call an API through Postman but when I do it through UiPath, the NTLM authentication does not work. I am not doing windows authentication, I am doing negotiated authentication with custom credentials since we have a service account credential. Its the same credentials I am using in Postman.
Could you please let us know which WebAPI package version are you using, and whether you are leveraging the new HTTP Request activity?
Am I correct to assume that you are already using that activity with the “Use operating system credentials” set to False?
–
Additionally, could you specify a few more details for the NTLM authentication does not work? Is there an error message, is the request response unexpected?
Hello, I am using the version 2.3.2 for the WebAPI Package. I am using the activity in the screenshot and I am clicking “False” for “Use Operating System Credentials” and passing the Custom Credentials through a variable. I am saving the credentials like this: "New System.Net.NetworkCredential(“Username”,“Password”,“Domain”).
So I am making an API call to get PDF bytes. When I do it through Postman, I am receiving the result as expected but when I do it through UiPath studio, my output looks like this:
HttpResponseSummary {BinaryContent=byte[0] { }, ContentHeaders=List<KeyValuePair<string, string>>(1) {{“Content-Length”, “0” }}, File=null, Headers=List<KeyValuePair<string, string>>(6) { { “Cache-Control”,
“private” }, {“X-AspNet-Version”, “4.0.30319” }, { “WWW-Authenticate”, “NTLM, Negotiate”}, { “X-Frame-Options”, “SAMEORIGIN” }, {“Strict-Transport-Security”, “max-age=31536000”}, { “Date”, “Tue, 13 Jan 2026 15:39:14 GMT” }}, RawRequestDebugginginfo=‘’“, StatusCode=Unauthorized, TextContent=”" }
Just wanted to add that I used my windows credentials in postman just now and it worked there so I marked “Use Operating System Credentials” to “True” and tried running it. I received the same unauthorized error message.
Are you doing this in Studio on your machine logged in as you, or from a robot server as a service account?
Please try this:
- Find this setting in the HTTP Request activity and set it to True:
- Then test the request with the Test button (make sure everything is hard coded, because it won’t work with variables for this Test button)
- The report section will now be filled with all the details about your request, like all the request and response headers and all the rest; this should give us further hints when compared to the Postman ones:
(note that the small Report window can be scrolled, and will contain information you shouldn’t share here without sanitizing it)
Hi, this is what I see:
[Status]
401 Unauthorized
[Headers]
Cache-Control: private
X-AspNet-Version: 4.0.30319
WWW-Authenticate: NTLM, Negotiate
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
Date: Tue, 13 Jan 2026 16:56:53 GMT
[Content Headers]
Content-Length: 0
[Body]
(none)
Yes, in studio on my machine logged in as me. I also tried it from a server but it did not work there either.
Is your Studio installed in user or service mode?
You can check in Studio on the Start tab at the bottom. For example mine looks like this:
Mine says Per-User installation
Ok sounds like you’re installation is correct. I was just wondering if it was trying to use the service account for authentication rather than your user.
UiPath handles NTLM differently than Postman.
Use HTTP Request → Windows authentication → Custom credentials, pass the username as DOMAIN\username, and try with PreAuthenticate disabled.
Also make sure the robot machine has domain/network access to the API.
You’re almost in the right place to get more info.
Note that you can still enable this option on the activity (set it to True)
Your report will then return much more useful for debugging info, like this below; it will be much easier to compare with Postman:
[Debug] Request Trace
Response: 200 OK
StartedUtc: 2026-01-14T08:43:44.1988197+00:00
CompletedUtc: 2026-01-14T08:43:45.7576219+00:00
ElapsedMs: 1558
InitialUri: https://google.com/
FinalUri: https://consent.google.com/ml?continue=https://www.google.com/
RedirectDetected: True
Mode: Studio Desktop (Design-time)
ResponseBodyReadMode: Partial
[Transport]
DisableSslVerification: False
SslProtocol: None
CookieManagement: enabled
AllowAutoRedirect: True
MaxAutomaticRedirections: 3
UseNegotiatedAuth: False
Proxy: (none)
[Retry]
PolicyType: Basic
RetryCount(Configured): 3
PreferRetryAfter: True
MaxRetryAfterDelayMs: 30000
Attempts: 1
Attempt 1: Status=200 OK IsLast=True RetryAfterSource=None StartedAt=2026-01-14T08:43:44.1988227+00:00 CompletedAt=2026-01-14T08:43:45.7576195+00:00
[Request Body]
No body
[Request Headers]
sample: header
[Response Headers]
Cache-Control: no-store, must-revalidate, no-cache, max-age=0
Pragma: no-cache
Date: Wed, 14 Jan 2026 08:43:45 GMT
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked
[Response Content Headers]
Content-Type: text/html; charset=utf-8
Expires: Mon, 01 Jan 1990 00:00:00 GMT
[Response Options]
SaveResponseAsFile: False
FileOverwrite: AutoRename
[Response Body]
Long Body content
Ah okay I see that now. I am now seeing: 401- Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you.
Issue is that these credentials are working via Postman.
Hi, how do I disable preauthenticate? I don’t see this option in the properties.
You cannot disable or enable PreAuthenticate in UiPath’s HTTP Request activity because that option is not exposed in Studio.
Use HTTP Request with Windows authentication, set UseDefaultCredentials to False, and pass the username as DOMAIN\serviceaccount with the password. Do not add any Authorization headers or mix authentication types.
If NTLM still fails (which is common), it’s a limitation of the HTTP Request activity. Postman handles NTLM automatically, UiPath often does not. The reliable workaround is to use Invoke PowerShell (Invoke-WebRequest with credentials) or Invoke Code with HttpClientHandler and NetworkCredential.
Have you tried Invoke Powershell before and gotten it to work? I tried what you suggested with HTTP activity (which is what I had been doing), and its still not working. I am passing the credentials in a variable like this though: "New System.Net.NetworkCredential(“Username”,“Password”,“Domain”). I also tried adding “Domain\Username”, “Password” and that did not work either.
Yes, I’ve gotten it to work with Invoke PowerShell. The issue you’re running into isn’t your credentials syntax, it’s that the HTTP Request activity simply doesn’t handle NTLM reliably, and it doesn’t evaluate NetworkCredential objects at all. Anything like New System.Net.NetworkCredential(…) will never work in that activity because those fields are just plain strings.
That’s why what works in Postman keeps failing in UiPath’s HTTP Request.
The reliable solution is to bypass the HTTP Request activity entirely.
Invoke PowerShell works because Windows handles the NTLM handshake correctly. A minimal working example is:
$sec = ConvertTo-SecureString “PasswordHere” -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential(“DOMAIN\Username”, $sec)
$response = Invoke-WebRequest
-Uri “https://your-api-url”
-Method Get
-Credential $cred
-UseDefaultCredentials:$false
$response.Content
Put this in Invoke PowerShell with IsScript = True and capture the output as a string. Do not add any Authorization headers.
If you prefer staying inside UiPath without PowerShell, Invoke Code in C# also works. You must create an HttpClientHandler and pass NetworkCredential there. That’s the only place UiPath will actually respect it.
HTTP Request with Windows authentication and NTLM is a known limitation. If NTLM is required, Invoke PowerShell or Invoke Code are the only dependable options.
Thank you Monali. I tried the Powershell script but am still getting errors saying “Invoke PowerShell: Cannot process argument transformation on parameter ‘Credential’. userName”.