Best place to store bearer token

Like (0) Share

Report

Posted on 8 Apr 2022 17:28:03 by etuell

Background:

I have a power app that uses many Power Automate Flows to make API calls to the same entity. I have a different flow for each type of API call that I need to make. Each API call requires the Bearer Token to be passed in the header. On each flow, I have a process that requests the Bearer Token. I store it in a variable then pass it in the header. All the API calls work but the problem is that the endpoint limits the number of bearer tokens issued per minute. The bearer token also expires after 60 minutes.

What I'd like to do is create a new flow that runs on a schedule (every 60 minutes) and securely stores the bearer token somewhere. Once a flow is ran, it retrieves the bearer token and passes it in the header of each API call. Is this a good way of doing this? If so, where is the best place to store the bearer token. I'm open to any and all ideas.

Here is what I'm doing now in all of my flows.

I have the same question (0)

Summarized by AI

AI generated content may be incorrect

Did you find this summary helpful?

All responses (3)

Answers (1)

Paulhins8675309 2 on 09 Jan 2023 at 20:54:36

Like (0)

Report

Re: Best place to store bearer token

Interesting solution. Does this work with a Power BI gateway so that you can use the bearer tokens to access APIs through functions and headers in Power BI transformations?

Was this reply helpful? Yes No
Verified answer

etuell 21 on 12 Apr 2022 at 23:10:51

Like (1)

Report
Re: Best place to store bearer token

I did find a solution that worked for me. I was able to follow this article https://www.c-sharpcorner.com/article/how-to-access-azure-key-vault-secrets-through-rest-api-using-postman/#:~:text=To%20do%20this%2C%20go%20to,case%20%E2%80%9CmyApp%E2%80%9D)%20%3D%3E
and did all the testing in Postman. I then transferred everything from Postman into Power Automate. Here is how it's working now and it works great. This solution does require Premium HTTP actions which I have purchased a flow license for.

Power Automate Flow runs on a schedule (every 45 minutes)
Reaches to an API endpoint and get a bearer token and stores it in a variable. (this is the one I want to store in key vault)
Reaches out to Microsoft and gets a bearer token
Uses Microsoft's bearer token to connect to the Azure Key Vault
Sets the secret's value ( I used this article - https://docs.microsoft.com/en-us/rest/api/keyvault/secrets/set-secret/set-secret)
All of my flows now get the Bearer Token from the key vault instead of getting it on every API call.

Was this reply helpful? Yes No
etuell 21 on 12 Apr 2022 at 16:56:21

Like (1)

Report

Re: Best place to store bearer token

An update to give a little more detail. I am currently storing the API client ID and secret in Azure Key Vault. I can retrieve the those items from Power Automate easily. I thought about storing the bearer token in Azure Key Vault as well but Power Automate does not seem to have native connector to create or update an object on the Azure Key Vault.

I would like to see what other people have done in this situation. Where do bearer token normally get stored?

Was this reply helpful? Yes No