CSRF Token Validation Failed Error while triggering a PATCH request from Microsoft Power Virtual Agent BOT to S/4 HANA through OData service - azure-web-app-service

We are getting an error while trying to trigger a PATCH request via HTTP AZURE Gateway from Power Virtual Agent BOT to S/4 HANA through OData v2 service. The same service works fine when we test it from POSTMAN and through SAP Gateway Client.
The BOT is deployed on MS Teams.
Below are the steps which are configured from BOT perspective:
Trigger a GET request to fetch the CSRF token using below HTTP headers
Authorization: Bearer(tokenvalue)
X-CSRF-Token : Fetch
Set-Cookie : Fetch
The above cookie value is being converted to eliminate '/', spaces and commas. The same has been replaced with %2F, %2b and ; respectively in the encoded format.
Once the CSRF token is fetched, it is stored in a local variable and passed to PATCH request
Authorization : Bearer(tokenvalue)
X-CSRF-Token :
Cookie :
Below is the error we are able to see in Power Automate Flow.
```
{
  "error": {
    "code": 403,
    "message": "The response is not in a JSON format.",
    "innerError": "CSRF token validation failed"
  }
}
```
We are expecting a successful call for this PATCH request. This is working fine with the same user when tested in POSTMAN and the native SAP Gateway Client.

You are using the Microsoft on-premise-gateway to connect your OData service.
The on-premise-gateway always establishes a new HTTP connection, which expires the X-CSRF-TOKEN.
Maybe this will be supported in a later version.
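The fetch-then-PATCH sequence from the question, as an added example that is not part of the original post or answer. `MockService`, the `sid` cookie and the `/odata/Items` path are constructed for illustration and assume a server that accepts a CSRF token only together with the session cookie issued in the same fetch response; this is not SAP's implementation.

```python
import http.cookiejar, http.server, secrets, threading
import urllib.error, urllib.request

SESSIONS = {}  # constructed mock state: session id -> CSRF token issued with it

class MockService(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for an OData endpoint (assumption, not SAP code)."""
    def _reply(self, status, headers=()):
        self.send_response(status)
        for name, value in headers:
            self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_GET(self):  # "X-CSRF-Token: Fetch" issues a token plus a session cookie
        if self.headers.get("X-CSRF-Token", "").lower() != "fetch":
            return self._reply(200)
        sid, token = secrets.token_hex(8), secrets.token_hex(16)
        SESSIONS[sid] = token
        self._reply(200, [("X-CSRF-Token", token), ("Set-Cookie", f"sid={sid}; Path=/")])

    def do_PATCH(self):  # token is accepted only with the session it was issued to
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        pairs = self.headers.get("Cookie", "").split(";")
        cookies = dict(p.strip().split("=", 1) for p in pairs if "=" in p)
        expected = SESSIONS.get(cookies.get("sid"), "")
        sent = self.headers.get("X-CSRF-Token", "")
        self._reply(204 if expected and secrets.compare_digest(expected, sent) else 403)

    def log_message(self, *args):  # keep the demo quiet
        pass

def patch_status(keep_session):
    """Fetch a token, then PATCH with or without the cookies from the fetch response."""
    server = http.server.HTTPServer(("127.0.0.1", 0), MockService)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/odata/Items"
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}),
                                         urllib.request.HTTPCookieProcessor(jar))
    try:
        fetch = urllib.request.Request(url, headers={"X-CSRF-Token": "Fetch"})
        token = opener.open(fetch).headers["X-CSRF-Token"]
        if not keep_session:
            jar.clear()  # models a hop that drops session state between the calls
        patch = urllib.request.Request(url, data=b"{}", method="PATCH",
                                       headers={"X-CSRF-Token": token})
        return opener.open(patch).status
    except urllib.error.HTTPError as err:
        return err.code
    finally:
        server.shutdown()
        server.server_close()
```

`patch_status(True)` returns 204 and `patch_status(False)` returns 403, the same status the flow reports when the token arrives without the session it was issued to.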

Related

How to pass bearer token API in Azure Data Factory

I have an API which has Authorization as a bearer token. I tested it in Postman and it's working. However, it's not working when I use the Web activity in ADF.
I am passing the url in the URL section. Created new header, typed Authorization and gave value "Bearer token"
Getting below error
Error
Troubleshoot activity failures
```
{
  "errorCode": "2108",
  "message": "{\"error\":{\"type\":\"invalid_request_error\",\"message\":\"Request forbidden by administrative rules. Please make sure your request has an acceptable User-Agent header.\",\"documentation_url\":\"https://developer.dentally.co\"}}",
  "failureType": "UserError",
  "target": "Web1",
  "details": []
}
```
Can anyone please advise?
I reproduced the same in my environment. I successfully generated a bearer Token with Postman.
To solve the above error code: 2200, please follow the below approach.
I used the same URL with web Activity and generated a bearer Token in the Azure data factory.
Generate bearer Token as shown below:
Connect Web activity 2 with newly created Web1 activity
Add dynamic expression: Bearer @{activity('Web2').output.data.Token}
Output:
Reference:
Sample Rest API URL for testing with authentication by Ashok Patel

Register an Application in Azure AD using the graph API

I am trying to register an application in Azure AD using the Graph API calls.
I am using Postman to hit the APIs and I have admin access in Azure.
So far I have tried the following things:
I registered an application manually on Azure AD using this doc- https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/service-prin-aad-token. (I gave all the required permissions to my application)
I am fetching the token using the service to service call client credentials- https://learn.microsoft.com/en-us/azure/active-directory/azuread-dev/v1-oauth2-client-creds-grant-flow.
After getting the token I pass it in the Authorization and hit the MS graph Create Application endpoint. https://learn.microsoft.com/en-us/graph/api/application-post-applications?view=graph-rest-1.0&tabs=http.
But in Postman, I am not getting any response body. I have checked my Azure tenant but I am not able to find any newly registered app.
For Token service(Get)
Endpoint- https://login.microsoftonline.com/{my-tenant-id}/oauth2/token
body-
grant_type:client_credentials
client_id:{app-id}
scope:https://graph.microsoft.com/.default
client_secret:{secret}
//resource:https://graph.microsoft.com
Response success(200) with token
For Create App(POST)
https://graph.microsoft.com/v1.0/applications
body: {
"displayName": "Created with MS Graph API"
}
Authorization: Bearer {token}
Response: Nothing is showing in response
Response from API
You can register the application using the Create Application API
POST https://graph.microsoft.com/beta/applications
You need to have enough permissions first to be able to register an application with Azure AD. This sample shows how to register and create an application to target the Graph API. https://github.com/microsoftgraph/aspnet-snippets-sample
I found the solution: in the API header, I was specifying Content-Length = 67, which was not required. Now I am able to get the success response.
https://learn.microsoft.com/en-us/graph/api/application-post-applications?view=graph-rest-1.0&tabs=http
If we look at the MS documentation, they have provided the below example:
```
POST https://graph.microsoft.com/v1.0/applications
Content-type: application/json
Content-length: 67

{
  "displayName": "Display name"
}
```
We don't need to pass the Content-Length in headers.

Azure Redis Cache Authorization Header

I am working on the Azure Redis Cache, and I am using a REST API to create a cache. The response I get is :
```
HTTP/1.1 401 Unauthorized

{
  "error": {
    "code": "AuthenticationFailed",
    "message": "Authentication failed. The 'Authorization' header is missing."
  }
}
```
I could not find any Authorization header in the documentation. Can someone suggest the procedure to generate the authorization header?
Essentially creating an Azure Redis Cache account operation is an Azure Resource Manager (ARM) operation. Each ARM operation requires an authorization header that must be included in the request. Because you didn't include this header in your request, you're getting this error.
Please see Resource Manager REST APIs for detailed instructions on how you can authenticate your ARM API requests.

Auth Token for Azure Web API

I'm having issues with using tokens to access my Azure Web API. I followed this documentation from Microsoft.
I can successfully request an access token by doing a POST request to the authorization token endpoint:
https://login.microsoftonline.com/{Tenant ID}/oauth2/token
My POST body:
client_id:( Web API client ID )
client_secret:( Web API client Secret )
grant_type:password
username:userName
password:*******
resource:sharepoint.com
I'm using POSTMAN to test my calls and when I try to access my API using that returned token from above, I get a 401 unauthorized.
It was a configuration issue inside my WebConfig file.

JWT token issue on Azure Management API

I've been trying to use the Azure Service Management API in order to list the Hosted Services with no success.
In the first place, I was able to set up the authentication using PowerShell as the Microsoft documentation states here: https://msdn.microsoft.com/en-us/library/azure/dn790557.aspx
My first step was to request an access token using OAuth2 making a POST request to this URL:
https://login.windows.net/<MY_TENANT_ID>/oauth2/token
and passing these parameters:
grant_type: client_credentials
client_id: <THE_CLIENT_ID_OF_THE_APP_REGISTERED_THROUGH_POWERSHELL>
client_secret: <THE_PASSWORD_OF_APP_REGISTERED_THROUGH_POWERSHELL>
resource: https://management.core.windows.net
so, I receive a valid response and an access_token included in the response. So far so good.
Then, I want to make a simple call to the Management API; I would like to list my Hosted Services (Cloud Services), so I make a GET request to this URL:
https://management.core.windows.net/<MY_SUBSCRIPTION_ID>/services/hostedservices
Including the following headers:
Authorization: Bearer <THE_ACCESS_TOKEN_RECEIVED_IN_THE_PREVIOUS_STEP>
x-ms-version: 2014-10-01 (I've also tested with different versions)
but, what I get is a 401 Unauthorized error, with the following message:
The JWT token does not contain expected audience uri 'https://management.core.windows.net/'
I also tried with a Native Application registered directly in the Azure Portal (with Permissions set to use the Service Management API) and requesting a token using the grant_type = authorization_code. I get the access_token correctly and a refresh_token, but when I try to make a request to the above URL, I get the same error message.
On a side note, I am able to use the Azure Insights API successfully; the issue above is with the Azure Service Management API.
Does anyone know what I am missing?
I faced the same problem today. Complete the resource URL with '/' https://management.core.windows.net
See the mismatch between the URL in your resource and the one in the error message 'https://management.core.windows.net/'
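A way to diagnose this kind of 401 before calling the API, as an added example that is not part of the original question or answer. It assumes the token's `aud` claim mirrors the `resource` value sent in the token request, as the answer implies; the tokens are constructed and unsigned, and all function names are hypothetical.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for the demo (not a real token)."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}."

def jwt_claims(token: str) -> dict:
    """Decode the payload segment without verifying it; for troubleshooting only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_audience(token: str, expected: str) -> str:
    """Compare aud to the expected audience the way a strict validator does: exactly."""
    aud = jwt_claims(token).get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected in audiences:
        return "ok"
    for candidate in audiences:
        if isinstance(candidate, str) and candidate.rstrip("/") == expected.rstrip("/"):
            return "trailing-slash mismatch"
    return "wrong audience"

# Audience quoted in the error message on this page.
EXPECTED = "https://management.core.windows.net/"
# Constructed tokens: aud copies the resource value from the token request (assumption).
TOKEN_NO_SLASH = make_unsigned_token({"aud": "https://management.core.windows.net"})
TOKEN_SLASH = make_unsigned_token({"aud": "https://management.core.windows.net/"})

if __name__ == "__main__":
    print(check_audience(TOKEN_NO_SLASH, EXPECTED))
    print(check_audience(TOKEN_SLASH, EXPECTED))
```

Decoding the payload this way is for inspection only; it says nothing about whether the token's signature is valid.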
