web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate / DirectApiRequestHasMor...
Power Automate
Suggested Answer

DirectApiRequestHasMoreThanOneAuthorization

(0) ShareShare
ReportReport
Posted on by
A Power Automate flow that calls another flow via HTTP trigger  around Saturday, 28 June 2026. No changes were made to the flows or calling configuration on our end. The error is:
{
  "error": {
    "code": "DirectApiRequestHasMoreThanOneAuthorization",
    "message": "The request has SAS authentication scheme, 'Bearer' authorization scheme or internal token scheme. Only one scheme should be used.",
  }
}
This is happening in default environment only.
Categories:
I have the same question (0)
  • Suggested answer
    manuelstgomes Profile Picture
    6,643 on at
    That error is not something you broke. It means the request reaching the child flow is carrying two authentication schemes at once, and the HTTP trigger only accepts one. The two schemes are:
    • The SAS signature in the trigger URL (the sp, sv, and sig query parameters).
    • A Bearer/OAuth token in the Authorization header.
    Microsoft has been tightening enforcement of the "only one scheme" rule and rolling it out environment by environment, which lines up with it suddenly appearing in the default environment with no change on your side.
     
    Could be wrong, but I think you have 2 options:
     
    Stay on SAS:
    • In the child flow's trigger, set "Who can trigger the flow" back to "Anyone".
    • In the calling HTTP action, make sure Authentication is set to None and you are NOT sending an Authorization header. Call the full SAS URL only.
    Use OAuth (this is quite tricky):
     
    • Keep the trigger restricted to "Any user in my tenant" or "Specific users".
    • Call the flow with the Bearer token in the Authorization header, but strip the SAS query parameters (sp, sv, sig) off the URL. With OAuth enabled the signature must not be present.
    If this is purely one flow calling another in the same tenant, the cleanest fix is to drop the raw HTTP call entirely and use the Run a Child Flow action instead. It invokes the child internally, so there is no SAS-vs-Bearer collision to manage.
     
    References if they help (I wrote a lot about this):
     
    Hope that points you in the right direction, but if not please let me know and post some details and I'll try to guide you further. 

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Kudos to our 2025 Community Spotlight Honorees

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Automate

#1
Valantis Profile Picture

Valantis 377

#2
11manish Profile Picture

11manish 279

#3
David_MA Profile Picture

David_MA 234 Super User 2026 Season 1

Last 30 days Overall leaderboard