Trigger Azure AD Protected API hosted in Azure Web Apps from Power Automate

Question

We have a Web API hosted in Azure as an Azure Web App. This API requires an access token from our Azure AD to authenticate. This API works when triggered via http from a client application. However, we need to trigger this API to run on a schedule as well and thought Power Automate would be a useful tool here as we can schedule an authenticated http request (but are open to alternative solutions).

This is the basic flow we were considering:

We have registered the Power Automate flow as an App Registration in our Azure AD, we get a valid access token, however, when we call the API I can see from Application Insights that we are getting an Unauthorized Error because neither scope nor roles are specified in the token claims. How can we call this Azure AD Protected API from Power Automate?

Note:

1. We are not using azure functions to schedule this job because we require a predictable IP and we already have a Azure App Service Plan to host this API.

2. We need this API to run on a schedule, but also be triggerable via http

Answer 1

We have tested this in our local environment, it is working fine. The below statements are based on our analysis.

1. We have created a Web app (running with .NET 6 as run-time stack & windows OS), enabled Application insights & published a sample web application which has 2 pages(home, privacy) from our local Visual Studio code 2022.

2. In order to call one of the web app pages (privacy) from the Power-automate HTTP trigger, we have enabled Authentication to the web app which has created app registration in the Azure AD with User.Read as Delegated Permission.

3. Post enabling the Authentication, we are able to call the web app privacy page from power-automate without any issue. All the requests that were triggered from power automate are showing success in the application insights as well.

Here is the sample output for reference:

In the below screenshot, using HTTP trigger we have called the webapp & requested got success even in application insights as well.

Note: We would suggest you to check whether you have given the correct client id , secret values & app registration permissions (User.Read) in HTTP trigger of power-automate.