Yes, this can be done with a Cloud Flow only using a Custom Connector with the on-premises data gateway. Here is the full picture.
Why the standard HTTP connector does not work: You are correct. The standard HTTP action in Power Automate does not support the on-premises data gateway, so it cannot reach internal URLs that are not publicly accessible.
The solution: Custom Connector + On-Premises Data Gateway
Microsoft docs confirm that custom connectors support private APIs through the on-premises data gateway. The gateway is installed on a machine inside your network, acts as a relay between the cloud flow and your internal application, and proxies the HTTP requests securely.
How to set it up:
1. Install the on-premises data gateway on a server inside your internal network that can reach internal-app.example-company.com
2. Create a custom connector in Power Automate pointing to your internal app base URL
3. In the custom connector wizard, enable the Connect via on-premises data gateway option
4. Define your actions (the login endpoint and the document download endpoint)
5. When creating the connection in your flow, select the gateway you installed
Handling cookie-based authentication
This is the tricky part. Custom connectors support standard auth methods (Basic, API key, OAuth 2.0) but do not have native cookie session management. Your scenario appears to use a session cookie after a login step.
The approach here is:
- Define two actions in your custom connector: one for the login POST request, one for the document GET request
- In the login action, capture the Set-Cookie response header
- Pass the session cookie value manually as a Cookie header in your document download action
This requires the login endpoint to return a predictable cookie name you can extract. You would use the HTTP response headers output from the login action and parse out the session cookie value using an expression, then inject it into the document request.
If the application uses Basic authentication you can skip the cookie step entirely and just pass credentials directly in the Authorization header of the document request.
Limitations to be aware of:
- Custom connector cookie handling is manual, not automatic like a browser session
- Binary file responses (PDF, Word) need to be handled carefully. Make sure the action is configured to return binary/file content and not text
- The gateway must remain running on the on-premises machine for the flow to work
Best regards,
Valantis
✅ If this helped solve your issue, please Accept as Solution so others can find it quickly.
❤️ If it didn’t fully solve it but was still useful, please click “Yes” on “Was this reply helpful?” or leave a Like :).
🏷️ For follow-ups @Valantis.
📝 https://valantisond365.com/