cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
shahriat
Helper II
Helper II

From the PowerApps portal, how to securely talk to an external API hosted in Azure?

I am working on a poweapps portal, I want to connect my portal with an external API hosted in Azure. 

 

Is it possible and how to accomplish it?

1 ACCEPTED SOLUTION

Accepted Solutions

Hi @shahriat,

This implementation does mostly use JavaScript - from the Portal end. Note that the biggest issue with JavaScript API in the Portal is that you're making everything, including authentication, accessible to a tech-savvy user. For example, if you just pass a username & pass or static credentials to an API from JavaScript, I can easily press F12 and see what you did. Then I can manipulate the data, or throw it into a whole bunch of virtual machines and try to throw thousands of requests at your API, all to try to break the API.

The advantage of the documentation shared is that it relies on generating a coded API request only when the Portal has been setup to make a request to that particular API. But that's only half the problem - now the API needs to decode it. This is where the C# comes in - you need to be able to retrieve the decoding pattern from the Portal, apply it to the coded message, and if everything decodes without breaking then you can guarantee the request came from the trusted source.

View solution in original post

5 REPLIES 5
justinburch
Microsoft
Microsoft

Hi @shahriat,

Yes, but it requires quite a bit of work. Use Microsoft's documentation to get started (https://docs.microsoft.com/en-us/powerapps/maker/portals/oauth-implicit-grant-flow), but ultimately what you'll want to do is create a process in the Azure API (or use a middle layer) to validate the request is coming from the Portal and, therefore, to authenticate the bearer token. This uses the Portal's public key to identify that the request was created from the private key, so doesn't actually need access to the authentication service.

Hi Justin,

Thanks a lot for your reply. The documentation you provided I already have seen and they have sample for c# code. Since I am new in portal so not sure how to implement c# code in portal. Do you suggest some Javascript sample? And do you know about adal js library and will it work? 

 

Your explanation is still quite confusing to me.

Hi @shahriat,

This implementation does mostly use JavaScript - from the Portal end. Note that the biggest issue with JavaScript API in the Portal is that you're making everything, including authentication, accessible to a tech-savvy user. For example, if you just pass a username & pass or static credentials to an API from JavaScript, I can easily press F12 and see what you did. Then I can manipulate the data, or throw it into a whole bunch of virtual machines and try to throw thousands of requests at your API, all to try to break the API.

The advantage of the documentation shared is that it relies on generating a coded API request only when the Portal has been setup to make a request to that particular API. But that's only half the problem - now the API needs to decode it. This is where the C# comes in - you need to be able to retrieve the decoding pattern from the Portal, apply it to the coded message, and if everything decodes without breaking then you can guarantee the request came from the trusted source.

Hi Justin, I have implemented their sample code and getting this error: {"xxxxxx: Audience validation failed. Audiences: ''. Did not match: validationParameters.ValidAudience: 'xxxxxxxxxxxxxxxxxx' or validationParameters.ValidAudiences: 'null'."} not sure I have missed anything, I am getting token using token endpoint. Could you please help me why I am getting this error in my API?

Helpful resources

Announcements
Welcome Super Users.png

Welcome Super Users

The Super User program for 2022 - Season 2 has kicked off!

Ignite 2022

WHAT’S NEXT AT MICROSOFT IGNITE 2022

Explore the latest innovations, learn from product experts and partners, level up your skillset, and create connections from around the world.

September Events 2022

Check out all of these events

Attend in person or online, there are incredible conferences and events happening all throughout the month of September.

Users online (2,915)