Unanswered

Unable to retrieve authorization token from response header

(0) Share

Report

Posted on by JonathanR

I use a SaaS product with it's own API over which I have no control.

To obtain the authorization token I do a POST request with username and password in the body, and the token is in the response HEADER, rather than body. This token is then used for all other API requests.

This works fine in Postman, as per below: -

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Authorization: a<redacted>z
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Expose-Headers: accept, authorization, content-type
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Date: Wed, 04 Nov 2020 09:25:20 GMT
Content-Length: 173

However, in Power Automate the Authorization header is suppressed, the HTTP action gives only the following headers: -

Pragma no-cache
Vary Accept-Encoding
Access-Control-Allow-Origin *
Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Expose-Headers accept, authorization, content-type
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1; mode=block
Cache-Control no-store, no-cache
Date Wed, 04 Nov 2020 08:04:23 GMT
X-Powered-By ASP.NET
Content-Type text/html
Expires -1
Content-Length 60

Although I can't find any documentation for the HTTP action (am I missing something?) it seems to be that these headers are suppressed for security reasons. The same is also true if I create a Custom Connector.

Is there a way of turning this suppression off so that I can get to the header content that I need?

Thanks in advance

Kind Regards

Jonathan

Categories:

Using connectors

I have the same question (0)

All responses (5)

Answers (0)

murshed Microsoft Employee on at

Like (0)

Report

Hi @JonathanR
Can you please give us more detail on what you are trying to do? If you have access to the third party API, you can define the API in a custom connector. You can also specify that the custom connector is a basic auth.

Once you are done building the custom connector you will need to create a connection to use the connector in a flow. This is when the user name and password will be required. The response token will be saved securely in PowerAutomate.

In other words, you don't need to manually perform a HTTP request and expose the auth token.

Please let me know if you have more questions.

Was this reply helpful? Yes No
JonathanR 22 on at

Like (0)

Report

Hi @murshed

I have tried using a custom connector before posting on here.

The problem is that the API uses an API Key, not basic auth, for all but one of its endpoints.

The API key is not fixed, to get the current valid API Key you need to call the authorization endpoint, (username & password are in the request body). The key is in the response header as shown above, and I need this key for the requests to the other endpoints.

Admittedly it wouldn't matter if I couldn't see it, as long as I could reference it, but there appears to be no way of doing this?

Kind regards

Jonathan

Was this reply helpful? Yes No
shyamsu on at

Like (0)

Report

@JonathanR custom connector allows specifying response headers. Did you try explicitly defining Authorization header in response?

Was this reply helpful? Yes No
MBarimah on at

Like (1)

Report

Hello Jonathan, I am having the same exact issue you had, did you find any solution to this?

Was this reply helpful? Yes No
JonathanR 22 on at

Like (0)

Report

Apologies, I had a long authentication problem of not being able to sign in here due to security setup.
I was given a proposed workaround, and have seen a successful PoC, but never ended up actually using it - to use an Azure Function Proxy to create a cloned header with a different name.

Was this reply helpful? Yes No