cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
RyanW7
Level: Powered On

Header token authentication with an on-premise API?

Hello all,

 

I am trying to create a PowerApps front-end to an internal network API that is not internet accessible.

 

I can hit the API endpoints by enabling Data Gateway on the PowerApps Custom Connector, but this limits the forms of authentication I can use down to Windows and Basic.

 

As I've read up on, it appears for APIs that use a bearer token in the header authentication, there is a need to have the "API Key" authentication method selected when creating the Custom Connector, however this isn't available when using the Data Gateway. See: https://powerusers.microsoft.com/t5/Connecting-To-Data/Using-API-Key-Authentication-Type-While-Conne...

 

Without exposing this API directly to the Internet, is there any options that I'm failing to think of that someone can suggest?

Thank you!

2 REPLIES 2
Community Support Team
Community Support Team

Re: Header token authentication with an on-premise API?

Hi @RyanW7,

 

What authentication methods does your data source support?

There is a post about Authorization Bearer in Header, I hope it could help you something:

https://powerusers.microsoft.com/t5/Connecting-To-Data/Authorization-Bearer-in-Header-Custom-Connect... 

Best Regards,
Community Support Team _ Lin Tu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

RyanW7
Level: Powered On

Re: Header token authentication with an on-premise API?

Hello @v-litu-msft 

 

I did see that post and that method  is exactly what I'm trying to accomplish,

the problem I am facing is you cannot use 'API Key' authentication if you enable 'Data Gateway'.

 

The reason 'Data Gateway' is needed is because my API endpoint is within a private network space and not publicly hosted.

 

My application creates a bearer token for authentication via:

POST https://myapisever.internal.com/login

Headers: Content-Type application/json

Body:

{

  "username": "user",

  "password": "password"

}

 

The response is as such with a body of:

{

  "access_token": "<authentication token>"

}

 

That <authentication token> needs to be in the header of any further API calls past logging in.

 

Does that help clarify?

Helpful resources

Announcements
thirdimage

Power Automate Community User Group Member Badge

Fill out a quick form to claim your user group badge now!

firstImage

Incoming: New and improved badges!

We've given our badges an overhaul and also added some brand new ones!

fifthimage

Microsoft Learn

Learn how to build the business apps that you need.

sixthImage

Power Platform World Tour

Find out where you can attend!

seventhimage

Webinars & Video Gallery

Watch & learn from the Power Automate Community Video Gallery!

Top Kudoed Authors (Last 30 Days)
Users online (6,096)