
There's a fantastic tool built into all web browsers called Developer tools, and one of its best features to use is the Network tab.
The Network t...
Kudos on the article @wyattdave . Great job! I'm working on a project where I'm trying to get all the details on all assets that are solution and non-solution aware. Based on your article, the following end point should return all flows in an environment. However, it does not return non-solution flows. Any thoughts?
https://api.flow.microsoft.com/providers/Microsoft.ProcessSimple/scopes/admin/environments/{environment id}/v2/flows?api-version=2016-11-01
My app has the following permissions:
Dynamics CRM
Microsoft Graph
Power Automate
Thank you @hanielc, are you looking at getting all of your flows or all flows of all makers?
Hi @wyattdave ,
I'm looking to get all the flows for all makers. In my test, the non-solution flow was created using my account. But the api running under the service principal still didn't pick it up.
-Haniel
I get you, to get both legacy and solution aware as system you have to use a very random api (see the beta on the end lol, apparently this was a temp fix that never did)
api.flow.microsoft.com/Providers/M.../flows?api-version=2016-11-01-beta
As a warning, as the url shows, this has a different scope, so it uses a different token than normal get flows
Amazing! Interestingly, now I get back even flows that I don't see :)
Now the kicker.... I don't see solution listed as any field to filter out solution vs. legacy flows. I tried adding solution, solutionid, and solutionname to the $select statement, but all come back empty. Thoughts?
Sadly the only way is to see if the resource id is in the workflows table, if it's not there then it's legacy. Note though, the workflow table only gets resource id when the flow has run, so new flows may be in a solution but show as legacy.
Thanks for all the help, @wyattdave . I'll be logging off for the next 3 weeks, spending most of it underwater (literally), but may reach out for some more expert advice. Until then, happy coding.
Amazing Article! Thank you! @wyattdave
Quick question, for Dynamics API you mentioned how "the scope for the API call when authenticating requires the environment url so you would think the token is environment specific, it is not, but it is geo specific. So you can reuse the token on all .crm environments but not .crm4."
But when I am issuing a token for a specific env, I am not able to use it in other env. Here is the error I'm getting:
401_Error_Reason: Token Audience(XXX.crm4.dynamics.com) validation failed. Token issued organization (Id: XXX) is not matching with the request organization (Id: XXX).
Do I really need to issue a token for every environment? Sounds not right, any help on how I can get a token for the dynamics API that works for all Envs? Thanks!
Hi Shachar, in all my experiences as long as the environments are in same geo then you can reuse the token. But your error does seem to show this, it's very strange. I wonder if your tenant has some extra security settings that I don't know about.
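Added example, not part of the original thread: a diagnostic for the 401 audience error discussed above. It decodes a token's payload without verifying the signature and compares the `aud` claim with the host about to be called. The contoso/fabrikam hosts and the sample token are constructed, and the `crm`/`crm4` host pattern is an assumption based on the hosts quoted in the thread.

```python
import base64
import json
import re
from urllib.parse import urlparse


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def dynamics_geo(host: str):
    """Return the geo label of a Dataverse host ('crm', 'crm4', ...), else None."""
    m = re.fullmatch(r"[^.]+\.(crm\d*)\.dynamics\.com", host.lower())
    return m.group(1) if m else None


def check_audience(token: str, request_url: str) -> dict:
    """Compare the token's aud claim with the host of the intended API call."""
    claims = jwt_claims(token)
    aud = claims.get("aud", "")
    if isinstance(aud, list):  # the JWT spec allows a list; use the first entry
        aud = aud[0] if aud else ""
    aud_host = (urlparse(aud).hostname or aud).lower()
    req_host = (urlparse(request_url).hostname or "").lower()
    geo = dynamics_geo(aud_host)
    return {
        "aud_host": aud_host,
        "request_host": req_host,
        "same_host": aud_host == req_host,
        "same_geo": geo is not None and geo == dynamics_geo(req_host),
        "tenant": claims.get("tid"),
    }


def _b64(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token (unsigned, placeholder tenant id) for offline use.
SAMPLE_TOKEN = ".".join([
    _b64({"alg": "none"}),
    _b64({"aud": "https://contoso.crm4.dynamics.com",
          "tid": "00000000-0000-0000-0000-000000000000"}),
    "sig",
])
```

A result with `same_geo` true but `same_host` false is the case the two commenters disagree on, so log both values next to the API response when testing token reuse in your own tenant.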
Hello, there is a way to give an SPN permissions to use the BAP API. I followed the steps here and was able to call BAP endpoints with tokens obtained by passing client secret to Entra ID token endpoint, along with scope api.bap.microsoft.com/.default
As far as the api.powerplatform.com API is concerned, the docs state that there are no application permissions for the "Power Platform API" resource: Service principal applications are treated within Power Platform like how normal users are with the Power Platform Administrator role assigned. However, when obtaining a token with scope api.powerplatform.com/.default, you can't do anything with it apparently, because the API just returns The request cannot be completed because the principal in tenant ... with object id ... does not exist. I double and triple checked the IDs, but the error persists. It seems to me that the bypass functionality for service principal permissions is not fully implemented yet, since the whole thing is still in preview.
For Bap someone showed me can be done with cli (learn.microsoft.com/en-us/powershe...)
I could never find the right permission to add to the spn, so I was only able to use it by using the Entra connector in Power Automate or getting a token from dev tools
Yeah, most likely that powershell command does a PUT api.bap.microsoft.com/providers/Mi... under the hood.
The endpoints you listed under the Bap api already worked after executing the PUT endpoint, with no further permissions required. However in the api.powerplatform.com API this is not the case at all, although clearly stated in the docs...
Hey Alex @alex_t_ece94d66b3566b2b40 ,
How exactly did you register the application with Microsoft Power Platform in order to use the SPN to make bap calls?
I tried following the steps in Microsoft docs you sent (I am trying to do it via the PUT call to the api.bap endpoint as described here). But - I am getting this error when trying to get "a bearer token obtained using username and password authentication" as Microsoft claims is needed in order to run this call.
The error I am getting - "error": "invalid_grant",
"error_description": "AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access 'api.bap.microsoft.com'
I tried excluding myself from all CAP that might enforce MFA but looks like this is Microsoft Defaults that are blocking this.
I am curious if you managed to register the app using this method or did you use the CLI method?
Thank you in advance!
Hello Shachar @shachar_maimon_829621f0dd, sounds like the Public Client switch in your app registration settings isn't enabled, as stated here.
I did not use the cli for registering the management app, just the PUT call was sufficient.
Thank you! I moved the switch to Public but still get the same errors. I also excluded the admin I am using from all MFA in my conditional access policy but I still get this response:
"{
"error": "invalid_grant",
"error_description": "AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '4752"
Also, when I removed all of these admin MFA enrollments, I got this response:
{
"error": "invalid_grant",
"error_description": "AADSTS50079: Due to a configuration change made by your administrator, or because you moved to a new location, you must enroll in multi-factor authentication to access..."
Pretty lost with this, any ideas on what can solve it?
Here is the call I am making:
POST login.microsoftonline.com/{tenant_...
grant_type=password
scope=service.powerapps.com/.default
client_id=XXX
username=XXX
Password=XXX
I was able to solve this by going to Entra ID and disabling the per-user MFA enforcement on the admin. Once I got the token and added the app I added the enforcement again. Thank you for all the help! Note that I have a support session booked with power platform support on how to make SP work with the api.powerplatform.com module as I am experiencing the same as you mentioned. Will update if they provide any help.
Hi @wyattdave, hope you are doing great. I am facing an issue while using the platform API below. Please help me, I am not able to create a connection. It would be great if you could support me.
Base Resource URL :c1a9b879856ce29fa5754ec5693da8.env...
Microsoft Entra ID Resource URI (Application ID URI) : c1a9b879856ce29fa5754ec5693da8.env...
Hi @sandy_chowdary_fb23debad6 , the resource should be

api.powerplatform.com
I'm on LinkedIn so feel free to message me there if you need any more help
Dear @wyattdave ,
Please share the API methods/endpoint details on how to update an existing connection. I do not want to create a new connection. I am trying to update the retrieved password (which is rotated frequently) for my Desktop flow connection. Any help here is appreciated.
Hi Vishvesh, I'm afraid I haven't done much work with connections. In my limited experience, due to the sensitivity of them there are additional controls that make it difficult to call directly through api. I would recommend opening the dev tools and watching network traffic when creating connection. The general structure between create and view are normally the same url but GET and no body
I found this article searching for an API that can be called to refresh a Power Platform/ Dataverse Dataflow (the kind that loads data to dataverse tables). Does anyone know if it's possible to use any of the APIs outlined in this article to kick off a refresh of a Power Platform dataflow?
Dataflows are actually Power Query/Power BI APIs, so this isn't covered here. But you could try looking here learn.microsoft.com/en-us/power-pl...
Thanks David. It looks like that page links to upcoming features. I did see that when refreshing these types of dataflows the "us.prod.powerquery.microsoft.com/a..." endpoint is called. I'm not finding a lot of information about that, and I suspect I can't just call that using the HTTP w/ Microsoft Entra action like you mentioned in an earlier comment. I'll keep looking into this though.