If you’re seeing DirectApiAuthorizationRequired even though the flow shows as successful, you’ve likely hit a recent change in how Power Automate handles HTTP trigger security.
Microsoft has tightened OAuth enforcement. In some cases, the flow still runs, but the caller gets blocked at the API layer due to missing authentication.
Quick ways to fix it
Option 1: Quick fix (allow anonymous)
- Open your HTTP trigger
- Set “Who can trigger the flow?” → Anyone
- Save and use the new URL
This works because the new URL includes the required signature (sig).
Note: This makes the endpoint public, so use only if acceptable.
Option 2: Proper fix (OAuth)
If you need it secured:
- Register an app in Entra ID
- Get a Bearer token (client credentials flow)
Call the flow with header:
Authorization: Bearer <token>
Use scope:
https://service.flow.microsoft.com/.default
Quick checks
Re-save the flow and use the latest URL
If using OAuth, verify token has correct aud and tid
Recommendation
For a quick unblock, use Option 1.
For production, move to OAuth properly.
✅ If this answer helped resolve your issue, please mark it as Accepted so it can help others with the same problem.
👍 Feel free to Like the post if you found it useful.