Connection to UiPath with Service Principal in Azure Data Factory

Hi WerciaS,

It looks like you’re almost there, but the Web activity isn’t formatting your token request quite the way UiPath’s OAuth endpoint expects. ADF’s Web activity with “Authentication: None” will let you roll your own client-credentials call, but you need to:

Use properly URL-encoded body parameters • In the Body textbox make sure you use ampersands (&) between each key/value pair, for example:

grant_type=client_credentials&client_id=<your-app-id>&client_secret=<your-secret>&scope=default

• If UiPath requires a resource or specific scope value, swap out scope=default for whatever their docs list (e.g. scope=api://…/user_impersonation).

1. Point to the correct UiPath token endpoint • Verify you’re hitting the right URL – UiPath recently standardized on: https://account.uipath.com/oauth/token or,
   depending on your region, https://cloud.uipath.com/identity_/connect/token
   • Double-check the casing and path, and include any required query string (tenant, organization, etc.) if their docs show it.
2. Set headers for a form-post • In Headers add: Content-Type → application/x-www-form-urlencoded
   • (You can also add Accept: application/json if you’re parsing JSON.)

Pull your secrets from Key Vault (optional but recommended) • Use a Lookup or Get Metadata activity to fetch the client secret from Azure Key Vault rather than hard-coding it.

Once the Web activity returns an { "access_token": "…" } payload, feed that into your subsequent UiPath API calls by setting the Authorization: Bearer @{activity('Web1').output.access_token} header.

Hope that gets you past error 2108! If you still see issues, here are a few follow-ups that can help us drill in deeper:

• Which exact URL (including query string) are you calling?
• Does your UiPath application registration have the correct “API Access → Applications” roles assigned?
• Are you seeing a more detailed error message in the Web activity output (e.g. invalid_client or invalid_scope)?
• Have you tried the same call in Postman or curl to rule out ADF formatting?

Reference docs
• Web Activity – control-flow-web-activity https://learn.microsoft.com/azure/data-factory/control-flow-web-activity
• Troubleshooting Access Token Generation in ADF https://support.microsoft.com/azure-data-factory-access-token-issues
• Service Principal Authentication in ADF v2 https://learn.microsoft.com/fabric/data-factory/service-principals

I hope this helps. If you have any questions or concerns, please let us know we're happy to assist further.

Hi,

The issue is most likely with the token request format, not with Azure Data Factory authentication itself.

In ADF Web Activity, keeping Authentication = None is correct in this case, because the UiPath token endpoint expects the client credentials in the POST body, not through ADF’s Service Principal authentication settings.

Check this link: https://learn.microsoft.com/en-us/azure/data-factory/control-flow-web-activity

Also check :

1. Use the token endpoint with your organization name: https://cloud.uipath.com/{organizationName}/identity_/connect/token
2. Send the request body as application/x-www-form-urlencoded with parameters separated by &, for example: grant_type=client_credentials&client_id=<client_id>&client_secret=<client_secret_value>&scope=<scope>
3. Make sure you are using the client secret value, not the secret ID
4. Confirm that the application is registered as a UiPath external application and has the required scopes

UiPath’s official docs for external applications and client credentials may help: https://docs.uipath.com/automation-cloud/automation-cloud/latest/api-guide/accessing-uipath-resources-using-external-applications

Hope this helps