cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
AndyBradford
New Member

HTTP Request Trigger Authentication

I am putting together a flow where my external Asset Management System (Cartegraph) sends a webhook request to Power Automate to begin a Flow. When I test the webhook system, with the URL to the HTTP Request trigger, it says

 

 

(Response Code:Unauthorized) {"error":{"code":"AuthorizationFailed","message":"The authentication credentials are not valid."}}

 

 

I had a screenshot of the Cartegraph webhook interface, but the forum ate it. The Cartegraph Webhook interface contains the following fields:

 

URL (Text box)

Use Basic Authentication (checkbox)

Username (Text box)

Password (Text box)

"Test" Button
Test Status dialog

 

What authentication do I need to put in so Power Automate sees Cartegraph's request as valid? Using my Microsoft account credentials to authenticate seems like bad practice. 

6 REPLIES 6
PrasadAthalye
Super User
Super User

HTTP Trigger generates a URL with an SHA signature that can be called from any caller. Can you try calling the same URL from Postman?

Please Like and Mark this as Answer if it resolves your Issue.

Power Automate Community
AndyBradford
New Member

I don't have Postman, but I built a Python script to send a POST request without authentication. The JSON package kinda looked like what Cartegraph would send, and it hit some issues with being a valid JSON, but didn't get any authentication issues.

That is correct. You shouldn't be getting authentication issues since the signature is included. You can actually paste the URL in Browser and it will invoke the flow. Since this is a risk, I added extra validation inside the flow to reject if the caller is not the one I expected...

Please Like and Mark this as Answer if it resolves your Issue.

Power Automate Community

I plan to stick a security token into the flow as in: https://demiliani.com/2020/06/25/securing-your-http-triggered-flow-in-power-automate/ but the authentication issues are happening without it.

 

Is there a URL I can send a Cartegraph request to, to see what the request looks like, and see if Cartegraph is doing something silly - maybe attaching my Cartegraph user credentials?

I plan to stick in a security token like in this: https://powerusers.microsoft.com/t5/Building-Flows/HTTP-Request-Trigger-Authentication/m-p/808054#M1... but the authentication issues happen without it.

Is there a way to catch and examine the Cartegraph request, so I can see if Cartegraph is doing something silly to the request, like adding my Cartegraph user credentials?

You can install fiddler to trace the request...

Please Like and Mark this as Answer if it resolves your Issue.

Power Automate Community

Helpful resources

Announcements
MPA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

MBAS Carousel

Sign up for our May 4th event!

May the fourth be with you, join us online!

MSFTBizAppsLaunchEvent

Experience what’s next for Power Virtual Agents

See the latest Power Automate innovations, updates, and demos from the Microsoft Business Applications Launch Event.

Power Platform ISV STudio

Power Platform ISV Studio

ISV Studio is the go-to Power Platform destination for ISV’s to monitor & manage applications post-AppSource publish.

Top Solution Authors
Top Kudoed Authors
Users online (86,239)