cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Advocate IV
Advocate IV

Trouble Retrieving Authorization From Response Header

I'm attempting to authenticate to an external vendor's API. The vendor requires that I POST credentials to an authentication endpoint and then returns a Bearer token in the headers under the 'Authorization' title.  I'm able to post the credentials and I get a response, however the 'Authorization' header is not present.  I'm guessing that Flow is sanitizing it out of the response, because it is present when I perform the same POST action via curl or powershell.

 

Does anyone have any ideas here?

11 REPLIES 11
Dual Super User II
Dual Super User II

Hi @tutankh , 

 

You can use the POST API action result value as teh authorisation token. I have worked on such a scenario before and you can see this in the screenshot below: 

 

authen.png

 

In the follow-up query just add a header with authentication and tyep Bearer<space>select the result from previous http action. 

 

Hope this Helps!

 

If this reply has answered your question or solved your issue, please mark this question as answered. Answered questions helps users in the future who may have the same issue or question quickly find a resolution via search. If you liked my response, please consider giving it a thumbs up. THANKS!

Thanks for the reply @yashag2255..

 

Unfortunately this does not work. This is the problem I'm having actually.  The auth token does not come back in the body or the headers of the HTTP POST request.  It is sent back from the API in the headers as 'Authorization' but when it gets to Flow, flow removes this specific header before processing the HTTP Response.

@yashag2255 

 

As a sample, you can setup 2 flows. One to send the post request out, and one to receive and respond to HTTP Requests  Have the first send out a POST request and have the second send the response with a Header titled 'Authorization'.  The 'Authorization' header will not be received by the first initiating flow.

Hi @tutankh , 

 

Can you share a screenshot of the flow?

 

 

Thanks

@yashag2255 

A screenshot wouldn't properly display it... but these are the headers that flow displays in the HTTP POST response:

 
{
  "statusCode": 200,
  "headers": {
    "Connection": "keep-alive",
    "X-Password-Change-Required": "false",
    "guid": "GUID",
    "X-Backend": "IPADDR:4443",
    "X-Frame-Options": "SAMEORIGIN",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block;",
    "Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
    "Content-Security-Policy": "blob",
    "Date": "Thu, 30 May 2019 13:32:10 GMT",
    "Set-Cookie": "JSESSIONID=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/",
    "Server": "tomcat",
    "Content-Length": "0"
  }
}
 
However, they should display this... note the 'Authorization' header item
 
{ "statusCode": 200,
"headers": {
"Connection": "keep-alive",
"Authorization": "Basic [SOME GUID THING]",
"X-Password-Change-Required": "false",
"guid": "GUID",
"X-Backend": "IPADDR:4443",
"X-Frame-Options": "SAMEORIGIN",
"X-Content-Type-Options": "nosniff",
"X-XSS-Protection": "1; mode=block;",
"Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
"Content-Security-Policy": "blob",
"Date": "Thu, 30 May 2019 13:32:10 GMT",
"Set-Cookie": "JSESSIONID=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/",
"Server": "tomcat",
"Content-Length": "0"
}
}

Hey!

 

The authorisation token from the POST request (the first one where you send your credentials), the token is returned in the body. You are looking for that in the headers. 

 

Have a look at the screenshot below: 

auttt.png

and the result is the token which can be accesed by: 

body('type_the_name_of_http_action_here')['result']

Hope this Helps!

 

If this reply has answered your question or solved your issue, please mark this question as answered. Answered questions helps users in the future who may have the same issue or question quickly find a resolution via search. If you liked my response, please consider giving it a thumbs up. THANKS!

Thanks @yashag2255  but this is not the case in my situation.  As I stated... the Authorization property is returned from the API in question inside of the Headers, NOT the body.  The body in the request response is blank. Flow is filtering out the 'Authorization' Header before it brings it back into the flow.

Ah! Got it. Please refer to the post below for the Authorisation Header. 

 

https://powerusers.microsoft.com/t5/Connecting-To-Data/Authorization-Bearer-in-Header-Custom-Connect...

 

If this reply has answered your question or solved your issue, please mark this question as answered. Answered questions helps users in the future who may have the same issue or question quickly find a resolution via search. If you liked my response, please consider giving it a thumbs up. THANKS!

Thanks,

 

that result came up when I first searched the issue, but the solution doesn't work. When attempting to use the custom connector in a flow, it prompts for the API Key (Authorization header).  So you basically have to perform an auth request outside of flow, and then use the header inside of flow.  Which you could do anyway without creating the connector.

Have you foind any work arounds for this? im encoutering the same issue. The authorization is stripped in the headers.

Same Issue i want the POST to return BEARER in the HEADER to use it to GET data. On POSTMAN i get the HEADER with the BEARER but not in the power automate.

Helpful resources

Announcements
PP Bootcamp Carousel

Global Power Platform Bootcamp

Dive into the Power Platform stack with hands-on sessions and labs, virtually delivered to you by experts and community leaders.

secondImage

Power Platform Community Conference On Demand

Watch Nick Doelman's session from the 2020 Power Platform Community Conference on demand!

MPA Community Blog

Power Automate Community Blog

Check out the community blog page where you can find valuable learning material from community and product team members!

Top Solution Authors
Users online (4,503)