web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Agent Academy Hackathon is happening now!
🚀 Season of Sharing Community Challenge Launch!
Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps / Custom Connector (OAut...
Power Apps
Suggested Answer

Custom Connector (OAuth 2.0) works in Postman but returns 401 in Power Platform (Productboard API)

(1) ShareShare
ReportReport
Posted on by AD-16021546-0 13

Description:

I am experiencing a persistent 401 Unauthorized error when calling the Productboard "Notes" API via a Custom Connector, despite the same configuration working perfectly in Postman.

Troubleshooting Completed:

  1. Token Validation: Confirmed via Postman that the OAuth 2.0 Access Token is valid, has the notes:read scope, and belongs to the correct user/workspace.

  2. Header Verification: The request includes mandatory headers: X-Version: 1, Accept: application/json, and Authorization: Bearer [token].

  3. Outbound Request Inspection: I changed the Connector Host to Webhook.site to inspect the raw outbound request from the Power Platform Gateway.

    • The Result: The Authorization header correctly contained the Productboard Bearer token.

    • The Observation: The Power Platform is successfully passing the token, but Productboard is rejecting the request with a 401 when the host is set back to api.productboard.com.

  4. Security Layer Test: Attempted to "mask" the request by adding a User-Agent: PostmanRuntime/7.41.1 header. This resulted in a 403 Forbidden (likely a Cloudflare JA3 fingerprint mismatch).

  5. Direct Node Test: Calling the connector directly from a Copilot Studio Agent node also results in a 401.

The Technical Conflict:

Since the token is confirmed valid (via Postman) and is confirmed to be sent by the Gateway (via Webhook.site), why would the destination API return a 401 only when the request originates from the Power Platform?

I suspect there is a hidden header or a "Traffic Fingerprint" (User-Agent, etc.) being injected by the Azure API Hub / Island Gateway that is causing Productboard's security layer (Cloudflare) to drop the authentication context.

The Ask:

  1. Is there a known issue where the Authorization header is stripped or modified by the Gateway when talking to specific external APIs?

  2. How can I ensure the Power Platform sends a "clean" request that matches the fingerprint of a standard tool like Postman?

  3. Is there a way to view the actual response headers from the 401 error (the ones from Productboard, not the Microsoft proxy) within the Power Platform?

Categories:
Building Power Apps
Connector development
I have the same question (0)
  • Suggested answer
    Haque Profile Picture
    Haque 3,329 on at
     
    In the first place, I would suggest contacting the API provider if they have known restrictions on requests from Power Platform or require whitelisting.
     

    The Ask Vs The Ans:
     
    Answer to the question no 1:
     
    Basically, when using an on-premises data gateway or certain network configurations, the Power Platform Gateway or proxy layers can strip or modify headers like Authorization. This type of case may arise due to security policies, restrictions in header, or gateway limitations. Usually in custom connectors, if we manually add an Authorization header while OAuth is configured, the platform may override or ignore it, causing issues. Hence, it’s very important to configure OAuth properly in the connector’s security tab and avoid manually setting Authorization headers in the request.
     
    Answer to the question no 2:
     
    At this point, I can say there is a chance Power Platform’s HTTP requests may differ from Postman in TLS fingerprints, User-Agent headers, or other subtle network characteristics. To put check on this what we can do:
    • Please avoid manually setting User-Agent headers that kind of same in Postman, as this can trigger security blocks (e.g., Cloudflare JA3 fingerprint mismatches).
    • I would suggest using Power Automate’s default HTTP actions or Custom Connector OAuth flows without overriding headers – this is very important.
    • One additional area to ensure your connector’s host, base URL, and request format exactly match Postman’s working requests.
    • It’s always better to test requests via Webhook.site or similar tools to compare raw requests, check the details there.
     
    Answer to the question no 3:
    It is a very sensitive area, as we know Power Platform’s built-in HTTP actions and Custom Connectors do not directly expose full raw response headers in the flow run history. What we can do alternatively is:
    1. Use the Custom Connector’s Test tab to see detailed request and response info, including some headers.
    2. Add logging or proxy tools (like Webhook.site) to capture outbound requests and responses.
    3. One additional option to use Azure API Management or other API gateways as intermediaries to log full headers.
    4. In HTTP actions, capture the response body and status code, but headers are limited.
    5. To do some advanced diagnostics, we can use Fiddler or network tracing tools on your client or gateway environment.
     
    Lastly, please capture response body and status code in flows for error handling, though headers remain limited.
     
    Before I close, take a separate flow, test only HTTP connector to see how it behaves.
     
    Please let me know if these area help to resolve the issue.
     
     
    I am sure some clues I tried to give. If these clues help to resolve the issue brought you by here, please don't forget to check the box Does this answer your question? At the same time, I am pretty sure you have liked the response!
     
  • Haque Profile Picture
    Haque 3,329 on at
     
    I was folloing up on any luck you could solve this?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Agent Academy Hackathon is happening now!
🚀 Season of Sharing Community Challenge Launch!
Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the April Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Apps

#1
Vish WR Profile Picture

Vish WR 428

#2
Haque Profile Picture

Haque 338

#3
timl Profile Picture

timl 333 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

Auto-Populate field Power Pages
Gallery Tabs - Show or Hide Tabs based on Field Value
How to patch multiple records at once
Enable Copilot for end users in model-driven apps
Question for everyone : How are you using Create Text GPT in AI Builder?
Community content - sample components, blogs etc. - Link to this page (http://aka.ms/PCFdemos)
Welcome to the Power Apps forum!

Product updates

Microsoft Power Platform Community release plans