web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate / HTTP URL for triggerin...
Power Automate
Suggested Answer

HTTP URL for triggering Flow from a .net application

(1) ShareShare
ReportReport
Posted on by Fred dB 10
Hello,
 
I need to call an endpoint hosted on Azure (endpoint exposed by a "Flow" created in Power Automate). I call this endpoint from a C# application (running on an on-premise server), 
The Power Automate endpoint has the following format (workflow GUID is fake):
https://prod-129.westeurope.logic.azure.com:443/workflows/1c88cfee2174ab788c4174cbab9d49b/triggers/manual/paths/invoke?api-version=2016-06-01
 
I'm having difficulties authenticating and successfully invoking this endpoint.
The configuration setting “Who can trigger the flow?” has the value set to “Any user in the tenant.”
This Flow via the above endpoint requires OAuth2 authentication.
 
What I’ve done so far:
I created a Registered App in Microsoft Entra with the following configuration:
Authentication > Supported account types: Accounts in this organizational directory only (note: we are using the same tenant as the one hosting the Power Automate Flow).
Authentication > Advanced settings > Allow public client flows: Enabled → “Yes”
API Permissions: API/Permissions name = "Power Automate" > Flows.Manage.All / Delegated
 
Below is the code snippet I’m using for my tests:
string flowUrl = @"https://prod-129.westeurope.logic.azure.com:443/workflows/1c88cfee2174ab788c4174cbab9d49b/triggers/manual/paths/invoke?api-version=2016-06-01";
string tenantId = "my_tenant_id";
static string clientId = "my_registered_app_client_id";
static string clientSecret = "my_client_secret_key";
 
// Scope candidates tested
static string scope = "https://service.flow.microsoft.com/.default";
// static string scope = "https://logic.azure.com/.default";
// static string scope = "https://management.azure.com/.default";
 
public static async Task<string> TestAPI()
{     
    // Acquire token using MSAL     
    var app = ConfidentialClientApplicationBuilder.Create(clientId)
        .WithClientSecret(clientSecret)
        .WithAuthority(new Uri($"https://login.microsoftonline.com/{tenantId}")).Build();     
    
    var result = await app.AcquireTokenForClient(new[] { scope }).ExecuteAsync();     
    // Prepare HTTP request     
    using var httpClient = new HttpClient();
    httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
    var jsonPayload = "{\"param1\":\"CUSTOMER_GETDETAIL\",\"param2\":\"1090456\",\"param3\":\"EN\",\"param4\":\"User123\"}";     
    var content = new StringContent(jsonPayload, Encoding.UTF8, "application/json");     
    var response = await httpClient.PostAsync(flowUrl, content);     
    var responseBody = await response.Content.ReadAsStringAsync();     
    foreach (var header in response.Headers)
    {
        Console.WriteLine($"{header.Key}: {string.Join(", ", header.Value)}");     
    }
    Console.WriteLine($"Status: {response.StatusCode}");     
    Console.WriteLine($"Response: {responseBody}");
    return responseBody; 
}
 
The response I get when calling the endpoint
Status: Forbidden
Response: {"error":{"code":"MisMatchingOAuthClaims","message":"One or more claims either missing or does not match with the open authentication access control policy."}}
 
Am I doing this correctly?
If the overall approach is correct, which claims are missing, and how can I add them to my token?
I would be very grateful if someone could provide a clear and detailed answer to help solve this issue.
Thank you!
Categories:
Using flows
I have the same question (0)
  • Suggested answer
    Michael E. Gernaey Profile Picture
    Michael E. Gernaey 53,392 Super User 2025 Season 2 on at
     
     
    If these suggestions help resolve your issue, Please consider Marking the answer as such and also maybe a like.
    Thank you!
    Sincerely, Michael Gernaey
  • Fred dB Profile Picture
    Fred dB 10 on at

    Hello Michael,

    Thank you for the link.

    I had already come across this example.
    Unfortunately, it doesn't work for me.

    I believe it's no longer possible to call an "Automate Flow" link directly.
    Security has been tightened, and calling this endpoint now requires OAuth 2.0 authentication.
    I would also like to remind that my .NET application is not hosted on Azure — it's running on a server within my company that has internet access.

    Sincerely,

    Frédéric

  • yashag2255 Profile Picture
    yashag2255 24,769 Super User 2024 Season 1 on at
     
    The authentication mechanism works a little different when you set the option as Anyone in my tenant or specific users in my tenant. You can follow my blog posts here on how to set it up. 
     
     
    Hope this Helps!
     
    If this reply has answered your question or solved your issue, please mark this question as answered. Answered questions helps users in the future who may have the same issue or question quickly find a resolution via search. If you liked my response, please consider giving it a thumbs up. THANKS!
     
  • Fred dB Profile Picture
    Fred dB 10 on at

    Hello Yash,

    Thank you for your response and for the two links.

    I updated the configuration of my App Registration in Microsoft Entra and added the permission as specified in your example:

    Power Automate > User (Delegated / Access Microsoft Flow as signed-in user)

    I noticed that you also have other permissions related to Microsoft Graph (the details aren’t visible in your screenshot).
    For my App Registration, I also added the following permission:
    Microsoft Graph > User.Read (Delegated / Sign in and read user profile)

    Unfortunately, when I call the endpoint, I still receive the same error message:

    Status: Forbidden
    Response: {"error":{"code":"MisMatchingOAuthClaims","message":"One or more claims either missing or does not match with the open authentication access control policy."}}

    I feel like the solution is right at my fingertips. If only the error message were more explicit and could tell me which claims are missing from my authentication token.

  • yashag2255 Profile Picture
    yashag2255 24,769 Super User 2024 Season 1 on at
     
    Can you confirm you are using "https://service.flow.microsoft.com/" instead of  "https://service.flow.microsoft.com/.default" in the static string scope = in your code?
     
    I would also recommend trying to create a successful request with Postman first and then test with your code. My new blog post covering on how to do this with Postman would be live over the weekend. 
     
    Hope this Helps!
     
    If this reply has answered your question or solved your issue, please mark this question as answered. Answered questions helps users in the future who may have the same issue or question quickly find a resolution via search. If you liked my response, please consider giving it a thumbs up. THANKS!
  • Fred dB Profile Picture
    Fred dB 10 on at
    Hi Yash,
     
    Thank you for your support.
     
    When I specify the scope "https://service.flow.microsoft.com/", I receive the following exception:
     
    Microsoft.Identity.Client.MsalServiceException: 'AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. 
    The scope https://service.flow.microsoft.com/ is not valid. Trace ID: 95c8c60bxxxx Correlation ID: 3e593c05xxxxx Timestamp: 2025-07-23 06:16:44Z'
     
    When I specify the scope "https://service.flow.microsoft.com/.default", I receive the following exception:
    Response: {"error":{"code":"MisMatchingOAuthClaims","message":"One or more claims either missing or does not match with the open authentication access control policy."}}
     
    If it's possible for you, could you please include a few lines of C# code in your Postman example to show how the authentication token is generated before being copied into the request header?
    I suspect the way I'm generating my token might not be correct.
    using System;
    using Microsoft.Identity.Client;
    using System.Net.Http.Headers;
            
    var credential = new InteractiveBrowserCredential(new InteractiveBrowserCredentialOptions
                {
                    TenantId = tenantId,
                    ClientId = clientId,
                    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
                });
    var token = await credential.GetTokenAsync(new TokenRequestContext(new[] { scope }));
    var httpClient = new HttpClient();
    httpClient.DefaultRequestHeaders.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token.Token);
     
    Thank you.
    PS: For sure, I'll take a look at your new post during this weekend.
     
  • Suggested answer
    Fred dB Profile Picture
    Fred dB 10 on at
    Hi,
     
    I finally managed to make the HTTP request to trigger the Power Automate flow from my .NET application.
     
    The URL that defines the scope must have the following format:
    static string scope = "https://service.flow.microsoft.com//.default";    -> The double slashes before .default are apparently important.
     
    Thank you for your replies and support.
  • yashag2255 Profile Picture
    yashag2255 24,769 Super User 2024 Season 1 on at
     
    That is correct. I was about to add a url to my post but I could not publish it. Here is a screenshot of the auth parameters from Postman: 
     
     
    Hope this Helps!
     
    If this reply has answered your question or solved your issue, please mark this question as answered. Answered questions helps users in the future who may have the same issue or question quickly find a resolution via search. If you liked my response, please consider giving it a thumbs up. THANKS!

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Automate

#1
Michael E. Gernaey Profile Picture

Michael E. Gernaey 501 Super User 2025 Season 2

#2
Tomac Profile Picture

Tomac 323 Moderator

#3
abm abm Profile Picture

abm abm 237 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Share your ideas and struggles with building Power Automate flows!
Survey: Power Automate mobile app
How to Ask for Help with Your Power Automate Workflow
Flows are not visible for users who sign in with their personal accounts
Start and wait for an approval action
Restore a deleted flow
List of actions cheat sheet for Power Automate Desktop
Question for everyone : How are you using Create Text GPT in AI Builder?
Welcome to the Power Automate forum!

Product updates

Microsoft Power Platform Community release plans