cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
AndyBradford
New Member

HTTP Request Trigger Authentication

‎01-27-2021 12:47 PM

I am putting together a flow where my external Asset Management System (Cartegraph) sends a webhook request to Power Automate to begin a Flow. When I test the webhook system, with the URL to the HTTP Request trigger, it says

 

 

(Response Code:Unauthorized) {"error":{"code":"AuthorizationFailed","message":"The authentication credentials are not valid."}}

 

 

I had a screenshot of the Cartegraph webhook interface, but the forum ate it. The Cartegraph Webhook interface contains the following fields:

 

URL (Text box)

Use Basic Authentication (checkbox)

Username (Text box)

Password (Text box)

"Test" Button
Test Status dialog

 

What authentication do I need to put in so Power Automate sees Cartegraph's request as valid? Using my Microsoft account credentials to authenticate seems like bad practice. 

Labels:
Message 1 of 7
207 Views
0 Kudos
6 REPLIES 6
PrasadAthalye
Super User
Super User

‎01-27-2021 02:30 PM

HTTP Trigger generates a URL with an SHA signature that can be called from any caller. Can you try calling the same URL from Postman?

Please Like and Mark this as Answer if it resolves your Issue.

Power Automate Community
Message 2 of 7
184 Views
0 Kudos
AndyBradford
New Member

‎01-28-2021 08:04 AM

I don't have Postman, but I built a Python script to send a POST request without authentication. The JSON package kinda looked like what Cartegraph would send, and it hit some issues with being a valid JSON, but didn't get any authentication issues.

Message 3 of 7
172 Views
0 Kudos
PrasadAthalye
Super User
Super User
In response to AndyBradford

‎01-28-2021 08:38 AM

That is correct. You shouldn't be getting authentication issues since the signature is included. You can actually paste the URL in Browser and it will invoke the flow. Since this is a risk, I added extra validation inside the flow to reject if the caller is not the one I expected...

Please Like and Mark this as Answer if it resolves your Issue.

Power Automate Community
Message 4 of 7
169 Views
0 Kudos
AndyBradford
New Member
In response to PrasadAthalye

‎01-28-2021 09:08 AM

I plan to stick a security token into the flow as in: https://demiliani.com/2020/06/25/securing-your-http-triggered-flow-in-power-automate/ but the authentication issues are happening without it.

 

Is there a URL I can send a Cartegraph request to, to see what the request looks like, and see if Cartegraph is doing something silly - maybe attaching my Cartegraph user credentials?

Message 5 of 7
151 Views
0 Kudos
AndyBradford
New Member
In response to PrasadAthalye

‎01-28-2021 09:19 AM

I plan to stick in a security token like in this: https://powerusers.microsoft.com/t5/Building-Flows/HTTP-Request-Trigger-Authentication/m-p/808054#M1... but the authentication issues happen without it.

Is there a way to catch and examine the Cartegraph request, so I can see if Cartegraph is doing something silly to the request, like adding my Cartegraph user credentials?

Message 6 of 7
157 Views
0 Kudos
PrasadAthalye
Super User
Super User
In response to AndyBradford

‎01-29-2021 09:39 AM

You can install fiddler to trace the request...

Please Like and Mark this as Answer if it resolves your Issue.

Power Automate Community
Message 7 of 7
142 Views
0 Kudos

Helpful resources

Announcements
MPA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

MBAS Carousel

Sign up for our May 4th event!

May the fourth be with you, join us online!

MSFTBizAppsLaunchEvent

Experience what’s next for Power Virtual Agents

See the latest Power Automate innovations, updates, and demos from the Microsoft Business Applications Launch Event.

Power Platform ISV STudio

Power Platform ISV Studio

ISV Studio is the go-to Power Platform destination for ISV’s to monitor & manage applications post-AppSource publish.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All
Users online (86,239)