cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
JonathanR
New Member

Unable to retrieve authorization token from response header

I use a SaaS product with it's own API over which I have no control.

To obtain the authorization token I do a POST request with username and password in the body, and the token is in the response HEADER, rather than body. This token is then used for all other API requests.

This works fine in Postman, as per below: -

 

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Authorization: a<redacted>z
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Expose-Headers: accept, authorization, content-type
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Date: Wed, 04 Nov 2020 09:25:20 GMT
Content-Length: 173

 

However, in Power Automate the Authorization header is suppressed, the HTTP action gives only the following headers: -

 

Pragma no-cache
Vary Accept-Encoding
Access-Control-Allow-Origin *
Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept, Authorization
Access-Control-Expose-Headers accept, authorization, content-type
X-Frame-Options SAMEORIGIN
X-XSS-Protection 1; mode=block
Cache-Control no-store, no-cache
Date Wed, 04 Nov 2020 08:04:23 GMT
X-Powered-By ASP.NET
Content-Type text/html
Expires -1
Content-Length 60

 

Although I can't find any documentation for the HTTP action (am I missing something?) it seems to be that these headers are suppressed for security reasons. The same is also true if I create a Custom Connector.

Is there a way of turning this suppression off so that I can get to the header content that I need?

Thanks in advance

Kind Regards

 

Jonathan

3 REPLIES 3
murshed
Microsoft
Microsoft

Hi @JonathanR 

Can you please give us more detail on what you are trying to do? If you have access to the third party API, you can define the API in a custom connector. You can also specify that the custom connector is a basic auth.

Once you are done building the custom connector you will need to create a connection to use the connector in a flow. This is when the user name and password will be required. The response token will be saved securely in PowerAutomate.

In other words, you don't need to manually perform a HTTP request and expose the auth token.

Please let me know if you have more questions.

Hi @murshed 

 

I have tried using a custom connector before posting on here.

 

The problem is that the API uses an API Key, not basic auth, for all but one of its endpoints.

 

The API key is not fixed, to get the current valid  API Key you need to call the authorization endpoint, (username & password are in the request body). The key is in the response header as shown above, and I need this key for the requests to the other endpoints.

 

Admittedly it wouldn't matter if I couldn't see it, as long as I could reference it, but there appears to be no way of doing this?

 

Kind regards

 

Jonathan

shyamsu
Power Automate
Power Automate

@JonathanR custom connector allows specifying response headers. Did you try explicitly defining Authorization header in response?

shyamsu_0-1605150231086.png

 

Helpful resources

Announcements
MPA User Group

Welcome to the User Group Public Preview

Check out new user group experience and if you are a leader please create your group

MBAS Carousel

Sign up for our May 4th event!

May the fourth be with you, join us online!

MSFTBizAppsLaunchEvent

Experience what’s next for Power Virtual Agents

See the latest Power Automate innovations, updates, and demos from the Microsoft Business Applications Launch Event.

Power Platform ISV STudio

Power Platform ISV Studio

ISV Studio is the go-to Power Platform destination for ISV’s to monitor & manage applications post-AppSource publish.

Users online (40,081)