Unanswered

Custom Connector for Custom API

(0) Share

Report

Posted on by Community Power Pla...

Hi everyone,

I have my own custom API which I want to expose to the Power Platform using a custom connector but am getting a 401 unauthorized.

I've created 2 app registrations in Azure Active Directory; one for the API and one for the connector, following the same steps provided in this post/article.

Power Users Post

Microsoft Docs

I've created the custom connector using a Postman definition. It contains two endpoints which accept GET requests; an anonymous one and one requiring authentication. When I try "Test operation", the anonymous works and returns some data, but the other returns a 401.

I'm pretty happy the API authentication is setup correctly because I can manually obtain an access token using the implicit grant flow (selecting the "Access tokens" checkbox in the app registration) and then call the API successfully using Postman.

Below is a couple of screen shots of the security setup. The first using "Azure Active Directory" as the identity provider. The second is using "Generic Oauth 2".

Client id and secret used here is from the connector app registration.

Any ideas what I'm doing wrong?

Thanks

Adam

Categories:

Using connectors

I have the same question (0)

All responses (8)

Answers (0)

v-litu-msft on at

Like (0)

Report

Hi @Anonymous,

I have seen a similar post that has the same issue, it may appear that behind the scenes the Custom Connector may not establish correctly the first time of creation. Please create a second connector and try it again.

This is a blog that introduces how to create a custom connector step by step, hope it helps:

https://medium.com/capgemini-dynamics-365-team/a-microsoft-flow-custom-connector-step-by-step-from-scratch-microsoft-teams-86c3a35f37dc

Best Regards,
Community Support Team _ Lin Tu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

Was this reply helpful? Yes No
Community Power Pla... on at

Like (0)

Report

Hi @v-litu-msft , thanks for your reply. I've not found the blog particularly useful...it seems to be out of date (Sign-on URL is not visible when creating a new application registration for me) and it talks about copying the OAuth endpoints but then doesn't use them anywhere.

I can find the bearer token being used by the connector by going to the Request of the the test operation in Step 4 of the custom connector. This is definitely not valid...when I use it in Postman I get the same 401.

A couple of things....

1. Could anyone confirm the inputs for 2. Security? I'm using the default login URL. I'm specifying my own tenancy rather than the default "common". I'm not inputting a scope - do I need something here?

2. Does anyone have a sample Postman definition that I could use to compare with mine?

Thanks Adam

Was this reply helpful? Yes No
Community Power Pla... on at

Like (0)

Report

Hi @yashag2255, I've referenced a post of yours in my original post and wondered if you could be any help here? Have you been able to get something similar to this working?

Thanks Adam

Was this reply helpful? Yes No
Community Power Pla... on at

Like (0)

Report

Hi @v-litu-msft , forgot to say I tried to create connector another 2 times but still face the same problem.

Was this reply helpful? Yes No
Community Power Pla... on at

Like (0)

Report

Update...

I've tried changing the "login URL" to https://login.microsoftonline.com but still no luck.

Was this reply helpful? Yes No
yashag2255 24,769 Super User 2024 Season 1 on at

Like (0)

Report

Hey @Anonymous

Just to make sure that we are covering all the aspects on this setup, can you please confirm the below details?

1) What is passed in the General section while creating this custom connector? You just need to pass the host name.
eg. If the API url is https://abcd.com/get-response , then you only need to pass abcd.com and base url would be /

2) Make sure that you have passed the correct values for below:
Authentication type: OAuth 2.0
Identity Provider: Azure Active Directory
Client ID: Client ID for Client App Registration
Client Secret: Client Secret for Client App Registration
Resource URL: Client ID for Backend App Registration. (Here, I see you passed a URL but this should be the Client Id for the Backend Application).

3) Finally, update the rediect url created in your custom connector, into your client Application registration, remove the existing value and add this newly created one, this is same for all connectors and it is: https://global.consent.azure-apim.net/redirect

Hope this Helps!

If this reply has answered your question or solved your issue, please mark this question as answered. Answered questions helps users in the future who may have the same issue or question quickly find a resolution via search. If you liked my response, please consider giving it a thumbs up. THANKS!

Was this reply helpful? Yes No
Community Power Pla... on at

Like (0)

Report

Hi @yashag2255

Thanks for replying! OK I've checked everything (changed the resource URL to ID) but encounter the same problem.

1. I've just included the root address in the host name and "/" for the base address. I'm confident these are correct as the connector works correctly when I call the anonymous action within the same connector.

2. Changed the Resource URL from the API URL to the API registration client ID as you have suggested. You seem to be able to use the URL and ID interchangeably as calling the authorize endpoint manually in the browser returns an auth code for both.

3. Confirmed the redirect URL that gets generated when the connector is created exists as a reply URL in the azure app client registration.

Once I've created the connector I did the following...

1. Go to "4. Test" and create a "New connection".
2. A window opens and I select my Microsoft account and the connection is created.
3. Open Fiddler; I can see the GET request to the authorize endpoint and I can see the auth code in the response. I assumed I'd see a second request to the token endpoint where is exchanges the auth code for an access token but I don't.
5. Back in the connector I click "Test operation" which fails with a 401.
6. I can see a bearer token in the request header so assumed it obtained an access token somehow i.e...
{
"Authorization": "Bearer xxx...
}

Any help you can provide with this would be most appreciated 🙂

Adam

Was this reply helpful? Yes No
HaibaraAi 2 on at

Like (0)

Report

I have the same problem.
I solved this by add delegate access permission from register application (client).
maybe we can't select implicit or clientcredentials.
we can only use this by authorize code flow.

Was this reply helpful? Yes No