I am trying to create a PowerApps front-end to an internal network API that is not internet accessible.
I can hit the API endpoints by enabling Data Gateway on the PowerApps Custom Connector, but this limits the forms of authentication I can use down to Windows and Basic.
As I've read up on, it appears for APIs that use a bearer token in the header authentication, there is a need to have the "API Key" authentication method selected when creating the Custom Connector, however this isn't available when using the Data Gateway. See: https://powerusers.microsoft.com/t5/Connecting-To-Data/Using-API-Key-Authentication-Type-While-Conne...
Without exposing this API directly to the Internet, is there any options that I'm failing to think of that someone can suggest?
What authentication methods does your data source support?
There is a post about Authorization Bearer in Header, I hope it could help you something:
Community Support Team _ Lin Tu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
I did see that post and that method is exactly what I'm trying to accomplish,
the problem I am facing is you cannot use 'API Key' authentication if you enable 'Data Gateway'.
The reason 'Data Gateway' is needed is because my API endpoint is within a private network space and not publicly hosted.
My application creates a bearer token for authentication via:
Headers: Content-Type application/json
The response is as such with a body of:
"access_token": "<authentication token>"
That <authentication token> needs to be in the header of any further API calls past logging in.
Does that help clarify?
@yasminSarbaoui what auth type does your API support? For APIKey auth, you can try SetHeader or SetQueryParameter policy template : https://docs.microsoft.com/en-us/connectors/custom-connectors/policy-templates
There is currently no supported function to do header token authentication within a custom API connector that is on-premise. The only workarounds I have seen are to expose the API to the public Internet, OR to set it as 'No Authentication' and attempt to use a raw HTTP calls to provide the header which appears to be blocked as well.
Check out new user group experience and if you are a leader please create your group
See the latest Power Automate innovations, updates, and demos from the Microsoft Business Applications Launch Event.
Many congratulations to the Season 1 2021 Flownaut Crew!
ISV Studio is the go-to Power Platform destination for ISV’s to monitor & manage applications post-AppSource publish.