Header token authentication with an on-premise API...

RyanW7 · ‎10-30-2019

Hello all,

I am trying to create a PowerApps front-end to an internal network API that is not internet accessible.

I can hit the API endpoints by enabling Data Gateway on the PowerApps Custom Connector, but this limits the forms of authentication I can use down to Windows and Basic.

As I've read up on, it appears for APIs that use a bearer token in the header authentication, there is a need to have the "API Key" authentication method selected when creating the Custom Connector, however this isn't available when using the Data Gateway. See: https://powerusers.microsoft.com/t5/Connecting-To-Data/Using-API-Key-Authentication-Type-While-Conne...

Without exposing this API directly to the Internet, is there any options that I'm failing to think of that someone can suggest?

Thank you!

v-litu-msft · ‎10-31-2019

Hi @RyanW7,

What authentication methods does your data source support?

There is a post about Authorization Bearer in Header, I hope it could help you something:

https://powerusers.microsoft.com/t5/Connecting-To-Data/Authorization-Bearer-in-Header-Custom-Connect...

Best Regards,
Community Support Team _ Lin Tu
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

RyanW7 · ‎11-01-2019

Hello @v-litu-msft

I did see that post and that method is exactly what I'm trying to accomplish,

the problem I am facing is you cannot use 'API Key' authentication if you enable 'Data Gateway'.

The reason 'Data Gateway' is needed is because my API endpoint is within a private network space and not publicly hosted.

My application creates a bearer token for authentication via:

POST https://myapisever.internal.com/login

Headers: Content-Type application/json

Body:

{

"username": "user",

"password": "password"

}

The response is as such with a body of:

{

"access_token": "<authentication token>"

}

That <authentication token> needs to be in the header of any further API calls past logging in.

Does that help clarify?

SamPo · ‎07-07-2020

@RyanW7 Did you ever find a way to do this?

Also having the same issue...

yasminSarbaoui · ‎11-16-2020

Hey there @RyanW7 , did you solve this issue ?

shyamsu · ‎11-20-2020

@yasminSarbaoui what auth type does your API support? For APIKey auth, you can try SetHeader or SetQueryParameter policy template : https://docs.microsoft.com/en-us/connectors/custom-connectors/policy-templates

yasminSarbaoui · ‎11-20-2020

@shyamsu just found out that we are on self signed scenario.

shyamsu · ‎11-20-2020

@yasminSarbaoui by self signed, do you mean self signed certificate?

RyanW7 · ‎11-30-2020

Hello @yasminSarbaoui and @SamPo, No this remains unresolved.

There is currently no supported function to do header token authentication within a custom API connector that is on-premise. The only workarounds I have seen are to expose the API to the public Internet, OR to set it as 'No Authentication' and attempt to use a raw HTTP calls to provide the header which appears to be blocked as well.