web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
Register Today: Microsoft Business Applications Update- April 15th
Your Invited to Keeping It Real with the Power Platform
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate / Header token authentic...
Power Automate
Unanswered

Header token authentication with an on-premise API?

(0) ShareShare
ReportReport
Posted on by RyanW7 35

Hello all,

 

I am trying to create a PowerApps front-end to an internal network API that is not internet accessible.

 

I can hit the API endpoints by enabling Data Gateway on the PowerApps Custom Connector, but this limits the forms of authentication I can use down to Windows and Basic.

 

As I've read up on, it appears for APIs that use a bearer token in the header authentication, there is a need to have the "API Key" authentication method selected when creating the Custom Connector, however this isn't available when using the Data Gateway. See: https://powerusers.microsoft.com/t5/Connecting-To-Data/Using-API-Key-Authentication-Type-While-Connecting-to-On-prem/td-p/194411

 

Without exposing this API directly to the Internet, is there any options that I'm failing to think of that someone can suggest?

Thank you!

Categories:
Using connectors
I have the same question (0)
  • v-litu-msft Profile Picture
    v-litu-msft Microsoft Employee on at

    Hi @RyanW7,

     

    What authentication methods does your data source support?

    There is a post about Authorization Bearer in Header, I hope it could help you something:

    https://powerusers.microsoft.com/t5/Connecting-To-Data/Authorization-Bearer-in-Header-Custom-Connector/td-p/51541 

    Best Regards,
    Community Support Team _ Lin Tu
    If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

  • RyanW7 Profile Picture
    RyanW7 35 on at

    Hello @v-litu-msft 

     

    I did see that post and that method  is exactly what I'm trying to accomplish,

    the problem I am facing is you cannot use 'API Key' authentication if you enable 'Data Gateway'.

     

    The reason 'Data Gateway' is needed is because my API endpoint is within a private network space and not publicly hosted.

     

    My application creates a bearer token for authentication via:

    POST https://myapisever.internal.com/login

    Headers: Content-Type application/json

    Body:

    {

      "username": "user",

      "password": "password"

    }

     

    The response is as such with a body of:

    {

      "access_token": "<authentication token>"

    }

     

    That <authentication token> needs to be in the header of any further API calls past logging in.

     

    Does that help clarify?

  • Community Power Platform Member Profile Picture
    Community Power Pla... Microsoft Employee on at

    @RyanW7 Did you ever find a way to do this?

    Also having the same issue...

  • yasminSarbaoui Profile Picture
    yasminSarbaoui Microsoft Employee on at

    Hey there @RyanW7 , did you solve this issue ?

  • shyamsu Profile Picture
    shyamsu Microsoft Employee on at

    @yasminSarbaoui what auth type does your API support? For APIKey auth, you can try SetHeader or SetQueryParameter policy template : https://docs.microsoft.com/en-us/connectors/custom-connectors/policy-templates

     

  • yasminSarbaoui Profile Picture
    yasminSarbaoui Microsoft Employee on at

    @shyamsu just found out that we are on self signed scenario. 

  • shyamsu Profile Picture
    shyamsu Microsoft Employee on at

    @yasminSarbaoui by self signed, do you mean self signed certificate?

  • RyanW7 Profile Picture
    RyanW7 35 on at

    Hello @yasminSarbaoui  and @Anonymous, No this remains unresolved.

    There is currently no supported function to do header token authentication within a custom API connector that is on-premise. The only workarounds I have seen are to expose the API to the public Internet, OR to set it as 'No Authentication' and attempt to use a raw HTTP calls to provide the header which appears to be blocked as well.

    2020-11-30 11_27_55-Power Apps.png2020-11-30 11_28_23-Power Apps.png

  • PaddyWann Profile Picture
    PaddyWann 101 on at

    Hey, If I mark my custom connector with no authentication, I still get a bearer token in the request header. Is that normal?  

    PaddyWann_0-1629994861997.pngPaddyWann_1-1629994892043.pngPaddyWann_2-1629994942743.png

     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Register Today: Microsoft Business Applications Update- April 15th
Your Invited to Keeping It Real with the Power Platform

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Automate

#1
Haque Profile Picture

Haque 573

#2
Valantis Profile Picture

Valantis 407

#3
11manish Profile Picture

11manish 387

Last 30 days Overall leaderboard

Featured topics

Share your ideas and struggles with building Power Automate flows!
Survey: Power Automate mobile app
How to Ask for Help with Your Power Automate Workflow
Flows are not visible for users who sign in with their personal accounts
Start and wait for an approval action
Restore a deleted flow
List of actions cheat sheet for Power Automate Desktop
Question for everyone : How are you using Create Text GPT in AI Builder?
Welcome to the Power Automate forum!

Product updates

Microsoft Power Platform Community release plans