Power Platform Community Forum Thread Details

I'm currently working with the "When a Teams webhook request is received" trigger in Power Automate, and I've noticed a difference in the format of the generated HTTP POST URLs depending on the environment or tenant.

In one environment, the generated URL looks like this:

`https://prod-xx.japaneast.logic.azure.com:443/workflows/{id}/triggers/manual/paths/invoke?...&sig={signature}`

It works fine when calling it via HTTP POST from external systems.

However, in another environment, the generated URL looks like this:

`https://defaultxxxxxxxx.environment.api.powerplatform.com:443/powerautomate/automations/direct/workflows/{id}/triggers/manual/paths/invoke/?api-version=1&tenantId=...&environmentName=...`

This one requires an authorization token (OAuth) and returns a `401 Unauthorized` error if called without it. It seems to be a newer, secured endpoint format.

Could someone clarify the following?

1. What determines whether the URL is generated in the `prod-logic.azure.com` format or the `environment.api.powerplatform.com` format?
2. Is there a way to configure the "When a Teams webhook request is received" trigger to use the older (SAS-signed) anonymous access URL?
3. Are there specific environment, tenant, or licensing conditions that force the generation of the secured Power Platform API endpoint?

I want to understand this behavior so I can choose the right implementation approach for our use case (external systems calling the webhook via HTTP POST without requiring OAuth tokens).

Any help or official documentation reference would be appreciated.

Thanks in advance.

Categories:

Building flows

@慶城-23060932-0

Thanks for your detailed question! Based on recent documentation and community insights, here’s a breakdown of the behavior you're seeing with the Power Automate webhook trigger URLs and how to manage them:

✅ 1. What determines the webhook URL format?

The format of the webhook URL — whether it uses:

https://prod-xx.logic.azure.com/... (older, SAS-signed anonymous access), or
https://environment.api.powerplatform.com/... (newer, OAuth-secured endpoint)

— is determined by which infrastructure your flow is hosted on:

Classic flows (hosted on Azure Logic Apps infrastructure) use the prod-logic.azure.com format and support anonymous access via SAS token.
Modern flows (hosted on Power Platform infrastructure) use the environment.api.powerplatform.com format and require OAuth authentication.

This shift is part of Microsoft’s move toward enhanced security and unified Power Platform architecture.

🔐 2. Can you configure the trigger to use the older anonymous access URL?

Unfortunately, you cannot manually configure the trigger to use the older format. The URL format is automatically determined by:

The environment type (e.g., default vs. developer).
The region and tenant configuration.
Whether the flow is created in Power Automate (modern) vs. Logic Apps (classic).

If anonymous access is critical for your use case, you may consider:

Creating the flow in Azure Logic Apps, which still supports SAS-based anonymous triggers.
Or using Power Automate custom connectors with OpenAPI definitions that allow webhook-style triggers.

🧾 3. Are there licensing or environment conditions that enforce OAuth-secured endpoints?

Yes. The newer secured endpoint format is increasingly enforced in:

Premium environments or managed environments.
Tenants with enhanced security policies or DLP (Data Loss Prevention) rules.
Flows created using modern designer or Teams-integrated Power Automate Workflows.

These environments default to OAuth-secured triggers to comply with enterprise-grade security standards.

🛠️ Recommendations for Your Use Case

If you need external systems to call the webhook without OAuth tokens, consider:

Using Azure Logic Apps for webhook handling.
Creating a proxy endpoint (e.g., Azure Function or API Management) that accepts anonymous requests and forwards them with OAuth to Power Automate.
Using Power Automate’s “When an HTTP request is received” trigger in a classic environment (if still available).

🏷️ Tag me if you have any further questions or if the issue persists.

✅ Click "Accept as Solution" if my post helped resolve your issue—it helps others facing similar problems.

❤️ Give it a Like if you found the approach useful in any way.