I use a SaaS product with it's own API over which I have no control.
To obtain the authorization token I do a POST request with username and password in the body, and the token is in the response HEADER, rather than body. This token is then used for all other API requests.
This works fine in Postman, as per below: -
HTTP/1.1 200 OK Cache-Control: no-cache, no-store Pragma: no-cache Content-Type: text/html Content-Encoding: gzip Expires: -1 Vary: Accept-Encoding Authorization: a<redacted>z X-Powered-By: ASP.NET Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization Access-Control-Expose-Headers: accept, authorization, content-type X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Date: Wed, 04 Nov 2020 09:25:20 GMT Content-Length: 173
However, in Power Automate the Authorization header is suppressed, the HTTP action gives only the following headers: -
Pragma no-cache Vary Accept-Encoding Access-Control-Allow-Origin * Access-Control-Allow-Headers Origin, X-Requested-With, Content-Type, Accept, Authorization Access-Control-Expose-Headers accept, authorization, content-type X-Frame-Options SAMEORIGIN X-XSS-Protection 1; mode=block Cache-Control no-store, no-cache Date Wed, 04 Nov 2020 08:04:23 GMT X-Powered-By ASP.NET Content-Type text/html Expires -1 Content-Length 60
Although I can't find any documentation for the HTTP action (am I missing something?) it seems to be that these headers are suppressed for security reasons. The same is also true if I create a Custom Connector.
Is there a way of turning this suppression off so that I can get to the header content that I need?
Thanks in advance
Can you please give us more detail on what you are trying to do? If you have access to the third party API, you can define the API in a custom connector. You can also specify that the custom connector is a basic auth.
Once you are done building the custom connector you will need to create a connection to use the connector in a flow. This is when the user name and password will be required. The response token will be saved securely in PowerAutomate.
In other words, you don't need to manually perform a HTTP request and expose the auth token.
Please let me know if you have more questions.
I have tried using a custom connector before posting on here.
The problem is that the API uses an API Key, not basic auth, for all but one of its endpoints.
The API key is not fixed, to get the current valid API Key you need to call the authorization endpoint, (username & password are in the request body). The key is in the response header as shown above, and I need this key for the requests to the other endpoints.
Admittedly it wouldn't matter if I couldn't see it, as long as I could reference it, but there appears to be no way of doing this?
Apologies, I had a long authentication problem of not being able to sign in here due to security setup.
I was given a proposed workaround, and have seen a successful PoC, but never ended up actually using it - to use an Azure Function Proxy to create a cloned header with a different name.