I have my own custom API which I want to expose to the Power Platform using a custom connector but am getting a 401 unauthorized.
I've created 2 app registrations in Azure Active Directory; one for the API and one for the connector, following the same steps provided in this post/article.
I've created the custom connector using a Postman definition. It contains two endpoints which accept GET requests; an anonymous one and one requiring authentication. When I try "Test operation", the anonymous works and returns some data, but the other returns a 401.
I'm pretty happy the API authentication is setup correctly because I can manually obtain an access token using the implicit grant flow (selecting the "Access tokens" checkbox in the app registration) and then call the API successfully using Postman.
Below is a couple of screen shots of the security setup. The first using "Azure Active Directory" as the identity provider. The second is using "Generic Oauth 2".
Client id and secret used here is from the connector app registration.
Any ideas what I'm doing wrong?
I have seen a similar post that has the same issue, it may appear that behind the scenes the Custom Connector may not establish correctly the first time of creation. Please create a second connector and try it again.
This is a blog that introduces how to create a custom connector step by step, hope it helps:
Community Support Team _ Lin Tu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Hi @v-litu-msft , thanks for your reply. I've not found the blog particularly useful...it seems to be out of date (Sign-on URL is not visible when creating a new application registration for me) and it talks about copying the OAuth endpoints but then doesn't use them anywhere.
I can find the bearer token being used by the connector by going to the Request of the the test operation in Step 4 of the custom connector. This is definitely not valid...when I use it in Postman I get the same 401.
A couple of things....
1. Could anyone confirm the inputs for 2. Security? I'm using the default login URL. I'm specifying my own tenancy rather than the default "common". I'm not inputting a scope - do I need something here?
2. Does anyone have a sample Postman definition that I could use to compare with mine?
Hi @yashag2255, I've referenced a post of yours in my original post and wondered if you could be any help here? Have you been able to get something similar to this working?
Just to make sure that we are covering all the aspects on this setup, can you please confirm the below details?
1) What is passed in the General section while creating this custom connector? You just need to pass the host name.
eg. If the API url is https://abcd.com/get-response , then you only need to pass abcd.com and base url would be /
2) Make sure that you have passed the correct values for below:
Authentication type: OAuth 2.0
Identity Provider: Azure Active Directory
Client ID: Client ID for Client App Registration
Client Secret: Client Secret for Client App Registration
Resource URL: Client ID for Backend App Registration. (Here, I see you passed a URL but this should be the Client Id for the Backend Application).
3) Finally, update the rediect url created in your custom connector, into your client Application registration, remove the existing value and add this newly created one, this is same for all connectors and it is: https://global.consent.azure-apim.net/redirect
Hope this Helps!
If this reply has answered your question or solved your issue, please mark this question as answered. Answered questions helps users in the future who may have the same issue or question quickly find a resolution via search. If you liked my response, please consider giving it a thumbs up. THANKS!
Thanks for replying! OK I've checked everything (changed the resource URL to ID) but encounter the same problem.
1. I've just included the root address in the host name and "/" for the base address. I'm confident these are correct as the connector works correctly when I call the anonymous action within the same connector.
2. Changed the Resource URL from the API URL to the API registration client ID as you have suggested. You seem to be able to use the URL and ID interchangeably as calling the authorize endpoint manually in the browser returns an auth code for both.
3. Confirmed the redirect URL that gets generated when the connector is created exists as a reply URL in the azure app client registration.
Once I've created the connector I did the following...
1. Go to "4. Test" and create a "New connection".
2. A window opens and I select my Microsoft account and the connection is created.
3. Open Fiddler; I can see the GET request to the authorize endpoint and I can see the auth code in the response. I assumed I'd see a second request to the token endpoint where is exchanges the auth code for an access token but I don't.
5. Back in the connector I click "Test operation" which fails with a 401.
6. I can see a bearer token in the request header so assumed it obtained an access token somehow i.e...
"Authorization": "Bearer xxx...
Any help you can provide with this would be most appreciated 🙂
Join us for the first ever Power Platform Online Conference!
Look out for new contribution recognition badges coming SOON!
We've updated and improved the layout and uploading format of the Power Automate Cookbook!
Fill out a quick form to claim your user group badge now!
Find out where you can attend!
Watch & learn from the Power Automate Community Video Gallery!