web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate / When a HTTP Request is...
Power Automate
Unanswered

When a HTTP Request is received - Authentication Trigger

(1) ShareShare
ReportReport
Posted on by surfingtiger 4

Hi All,

 

We have just had the ability to create the 'When a HTTP Request is received' trigger with the option for 'Who can trigger the flow?' enabled. Add OAuth authentication for HTTP request triggers - Power Automate | Microsoft Learn

surfingtiger_0-1696242322960.png

 

When trying to use this, it seems that there is something missing from the documentation, or from the setup of the flow, since every time I try to call the flow, it gives the error below:

 

{
 "error": {
 "code": "DirectApiAuthorizationRequired",
 "message": "The OAuth authorization scheme is required. Please add authentication scheme and try again."
 }
}

 

The documentation does talk about this authentication headers and tokens, but I was expecting the standard Microsoft 365 login screen before the flow would run, rather than having to implement OAuth myself manually, which is what is seems like I will need to do. Can anyone confirm what an example request looks like, or provide more documentation? 

 

Given that this is now the default behaviour for this connector, and that this is a huge step up in terms of security, I hope there is a simple way for us to implement this rather than having to jump through hoops or not possible at all.

Categories:
Using connectors
I have the same question (1)
  • Michael E. Gernaey Profile Picture
    Michael E. Gernaey 53,353 Super User 2025 Season 2 on at

    Hi,

     

    I know you said you followed what it said, but there are multiple ways, can you provide exactly what you did? And no this is just an end point, its not intended to cause a login box. Its just an End Point that supports OAUTH.

     

    If you have done any other OAUTH before, it the same.


    Cheers
    If you like my answer, please Mark it as Resolved, and give it a thumbs up, so it can help others
    Thank You
    Michael Gernaey MCT | MCSE | MCP | Self-Contractor| Ex-Microsoft
    https://gernaeysoftware.com
    LinkedIn: https://www.linkedin.com/in/michaelgernaey

  • surfingtiger Profile Picture
    surfingtiger 4 on at

    I think that's my mistake then. I was hoping to use this to create link in an email or in a SharePoint list that could only be clicked by users inside my tenant, but it sounds like this is not what the intention of this functionality is.

     

    Do you know of any way that I could put the user through authentication, then divert back to the link, without having to setup an app in the Azure portal?

     

     

  • davidyc Profile Picture
    davidyc 99 on at

    Hi @FLMike, I'm wondering if you could help me with what I would need to include in the request to achieve OAuth using client credentials in a request made from a React App? I am aware that I would need to include claims in the request, including "aud", "iss," and "tid". I believe "aud" should be "https://service.flow.microsoft.com" and "tid" is just tenant id? But I'm unsure of the correct value for "iss". Please correct me if I've got the wrong value on "aud" too. Any help much appreciated! What I would ideally ask for from the community is a React example of making a simple request using the OAuth to this endpoint as I only have someone more junior in React available to me. Thanks in advance!

  • alexfilipovici Profile Picture
    alexfilipovici on at

    @davidyc , the correct scope (or audience) is https://service.flow.microsoft.com//.default (use two slashes before .default)

     

    Details: https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-v1-app-scopes#scopes-to-request-access-to-specific-oauth2-permissions-of-a-v10-application

  • davidyc Profile Picture
    davidyc 99 on at

    Thanks @alexfilipovici , any thoughts on the "iss" value?

  • PandaRedCap Profile Picture
    PandaRedCap 54 on at

    Hello,

     

    2 Step are required to Set up the Auth on this Http Connector (Any users  in my tenant) : 

     

    Step 1 : 

    • Create an app Service , in the Api Permission Allow the Power Automate as Signed User (Admin Consent require)
    • Create a Secret for the app Service

    Pandaredcap_0-1698124601603.png

     

    Step 2 : 

    • Create your flow with the "when a HTTP Request Is Receive" to generate the URL to post
    • create another flow with http request with Azure AD auth to post on the previous url generated, Use the App Service to Auth

    Pandaredcap_1-1698124913508.png

    Or Use "Invoke Http with Aure AD"

    Add only add the end of Base Ressource URL those Parameters when created the connection:

    &sp=%2Ftriggers%2Fmanual%2Frun

    Pandaredcap_2-1698124998124.png

     

    All credit goes to  Yash Agarwal for this one : 

    Set up Connection for "Any Users on my Tenant" for the connector "When a Http Req is Received"

    https://www.bythedevs.com/post/securing-when-an-http-request-is-received-trigger-in-power-automate-part-2

    Set up Connection for "Specific Usesr in my tenant" for the connector "When a Http Req is Received"

    https://www.bythedevs.com/post/securing-when-an-http-request-is-received-trigger-in-power-automate-part-1

     

    If this Post help you to resolve your Issue, Please make a thumps up, mark it as a solution ! 

     

  • d_aleshire Profile Picture
    d_aleshire Microsoft Employee on at

    @surfingtiger - The is an easier method than using an app service that might be useful.

     

    If the flow you are trying to trigger is contained in a solution you can use the Flows -> Call Child Flow to trigger the HTTP Request using the authenticated user running the flow. 

    The child flow in the image named "Test - Child ..." is triggered when an HTTP Request is received. Simply add the child flow action, select the flow, and pass in the parameters.

     

    d_aleshire_0-1699398334097.png

     

  • brownman311 Profile Picture
    brownman311 37 on at

    For anyone looking to authenticate via Postman, please see this video by Amreek Singh.

    https://youtu.be/U1qykshQxRY

     

    You will need to First get the access token:

    brownman311_0-1710266455433.png

    and then use that in your HTTP request:

    brownman311_1-1710266507829.png

     

     

  • vinayanlive Profile Picture
    vinayanlive 4 on at

    can you please explain how we can add the auth url to an outlook actionable item action.Http, I am using "any user in, my tenant" and I am getting "the remote endpoint returned an error (HTTP 401")".

    POST url I added in the adaptive card is from "when an HTTP request received." 

  • JimmyW Profile Picture
    JimmyW 2,563 on at

    @vinayanlive I'm looking into this also.

    Adaptative cards needs to call the actionURL this would be the "When a HTTP request is received"

    If anyone know please help 🙂

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Automate

#1
Michael E. Gernaey Profile Picture

Michael E. Gernaey 503 Super User 2025 Season 2

#2
Tomac Profile Picture

Tomac 321 Moderator

#3
abm abm Profile Picture

abm abm 237 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Share your ideas and struggles with building Power Automate flows!
Survey: Power Automate mobile app
How to Ask for Help with Your Power Automate Workflow
Flows are not visible for users who sign in with their personal accounts
Start and wait for an approval action
Restore a deleted flow
List of actions cheat sheet for Power Automate Desktop
Question for everyone : How are you using Create Text GPT in AI Builder?
Welcome to the Power Automate forum!

Product updates

Microsoft Power Platform Community release plans