UiPath API OAuth - HTTP 405 Method not allowed


First time poster so be gentle.

Im trying to set up my external program to be able to add and get queue items from my community license cloud orchestrator. I’m finding the online documentation very brief.

When attempting to get an access token by sending a POST request to UiPath

the request body is :

  "grant_type" : "client_credentials",
  "client_id" : {
    "app_id": "12345"
  "client_secret" : {
    "app_secret": "abcd"
  "scope" : {
    "UiPath.Orchestrator": "OR.Queues"

I’ve set up a confidential app with an application scope in the orchestrator and am using the app id and secret in the body above. Is this correct?

When I submit the request I get a 405 method not allowed response.

Hoping someone here is kind enough to point me in the right direction.


Hello @Shaun2!

It seems that you have trouble getting an answer to your question in the first 24 hours.
Let us give you a few hints and helpful links.

First, make sure you browsed through our Forum FAQ Beginner’s Guide. It will teach you what should be included in your topic.

You can check out some of our resources directly, see below:

  1. Always search first. It is the best way to quickly find your answer. Check out the image icon for that.
    Clicking the options button will let you set more specific topic search filters, i.e. only the ones with a solution.

  2. Topic that contains most common solutions with example project files can be found here.

  3. Read our official documentation where you can find a lot of information and instructions about each of our products:

  4. Watch the videos on our official YouTube channel for more visual tutorials.

  5. Meet us and our users on our Community Slack and ask your question there.

Hopefully this will let you easily find the solution/information you need. Once you have it, we would be happy if you could share your findings here and mark it as a solution. This will help other users find it in the future.

Thank you for helping us build our UiPath Community!

Cheers from your friendly

I’m assuming based on your wording that you are registering an External app with Application Type: Confidential and Scope: Application in which case you would follow the Client Credentials instructions.


What this documenation doesn’t highlight is that you can send your credentials as an Authorization Header or as part of the Body (They show it as part of the Body), however you want to note that it is not a JSON Payload, but a list of Key:Value pairs sent as application/x-www-form-urlencoded

Option 1: Send a POST Request with Basic Auth Header

 Content-Type: application/x-www-form-urlencoded
 Authorization: Basic {{OAuth_BasicToken}} (Where token is the Basic Auth encoded form of your ClientID & Client Secret)



Option 2: Send a POST Request with Client Credentails in body

 Content-Type: "application/x-www-form-urlencoded"



If you are using something like Postman to test it out you can set it up under the Authorization tab and setting Type to OAuth 2.0 and fill out a few fields. This method still requires you to fetch and set the Authorization Token to use, you could skip this and write a few dozen lines of code in the Pre-request Script that would look after the initial Authentication and also handle refreshing the token when it becomes invalid.

An older post that may help you as well regarding Postman