We are using Azure Logic Apps with webhooks.
The webhooks are calling some APIs (service fabric backend - but this shoudn't matter) via Azure APIM.
On completing the specific job, the APIs call the Logic App's webhook callback - just by the book.
On the other hand, there is an IP range limitation setup on LA's trigers.
Everything was working fine until recently - for just some of our environments, sometimes the callback call from the APIs fail - apparently because the IP is not recognized by the Logic App.
First question: why (is) the restriction applied also for callbacks - those are not actual triggers?
Second question: how is it possible that the callbacks still work in some of our environments, having the same restrictions applied.
As for the IP Restrictions, the gateway through which all incoming requests are processed is the same for both the Request Connector and the HTTP WebHook Connector. While you may be using the action here, there is a WebHook Trigger that works in a similar fashion but as a trigger instead.
As for why you are getting failures at times would depend on how requests are being routed from your APIs to Logic Apps. One way to ensure access just from a single IP is to route these callbacks to APIM and let APIM forward the request to your Logic Apps. This way, all requests to your Logic Apps would be coming from APIM.
To route the callback requests through APIM, you will need a special API/Operation in APIM that will forward requests to the URL passed in the header or a query parameter.
So instead of directly calling the callback URL, you will call this APIM endpoint with the callback URL in a custom header or as a query parameter. The APIM policy for this operation will use the set-backend-service and rewrite-uri policies to forward this call to the logic apps endpoint.
Related
I have configured an Azure Logic App with an HTTP trigger and added a few actions with respect to my requirements. In the If condition false block, I used the terminate action to stop the current run for a workflow instance.
I configured the above Azure Logic App endpoint as a webhook. But sometimes the webhook receives a bad request from Azure Logic App. But in the Azure Logic App I didn’t return any response.
Can anyone suggest me Is the issue with 'Terminate' Action or not?
Can anyone suggest me Is the issue with 'Terminate' Action or not?
No, it is not with the Terminate action rather it is with the HTTP Connector that you are using.
After reproducing from my end, I have observed that the below bad request is due to
502 status code which in general is caused when the server did not receive a response.
Since you are using a HTTP Webhook connector, the flow just loops every time the condition is true, and it never ends unless the logic app receives a response in that flow. One way to resolve this is to use a HTTP connector instead of HTTP Webhook since it doesn't require a response to complete the flow rather it just calls the URL.
Hello I am trying to deploy my Azure Machine Learning pipeline with a REST endpoint. My problem is that I was able to generate an endpoint but has some sensitive information in it (ex: subscription id, resource group, etc). How can I generate a URL that forwards the request body to my Azure ML REST endpoint?
also, here is an approach I've done:
Used Application Gateway Redirect (this approach didn't forward the request body. It instead turned my POST request into a GET request when it redirected to the correct URL.)
The issue is raised because of some of the default security headers dependent on REST API and web based. Need to set the REST API CSP HEADER. Check the request and response headers in config file of the web application.
So, I have an API in Azure-API-Management, which is attached to a function. I want to expose one the method in API as Web-hook for another application CRM. It will be an inbound web-hook.
Is it possible ?
A webhook endpoint is like any other HTTP endpoint that usually expects a POST request from an external system. So, yes.
Depending on the CRM Application, you could leverage APIMs built-in security features to authenticate the webhook call without having to validate credentials in your function as a bonus for using APIM.
We have API exposed to our customers through API Management. The security is handled using subscription key which is expected in "Ocp-Apim-Subscription-Key" header.
One of our methods supports polling trigger specifications, with "Location" and "Retry-After" header in response. For one of our customers we want to create Logic Apps, that would fire some actions on this trigger.
We set up HTTP trigger where we provided "Ocp-Apim-Subscription-Key" header in inputs parameters.
Here is the problem. The header is added only to the first request. Subsequent requests using "Location" url don't have this "Ocp-Apim-Subscription-Key" header, so they are rejected by API Management proxy.
I verified that header is in fact missing with some mock API, so it's definitely on Logic Apps end.
Does anyone have any idea how to resolve it?
I am working on Logic apps with HTTP Listener and tried with the below option rather creating API Controller. Referring below URLs
https://azure.microsoft.com/en-us/documentation/articles/app-service-logic-http-endpoint/
I created a Logic App with "HTTP Request" and do the processing and send the response back to caller. It is working as expected.
but one thing i just wanted to know is , when i create HTTP Request, it provides default URL like below,
https://prod-****.logic.azure.com:443/workflows/*******69a5b764/triggers/request/run?api-version=2015-08-01-preview&sp=%2Ftriggers%2Frequest%2Frun&sv=1.0&sig=*****2MCOoTKZU
Shall we define Custom URL instead default one, like below
Please advise.
There are two different approaches you can hide the original Logic App URL:
Using Azure API Management (APIM)
Using Azure Functions Proxy (AFP)
Through APIM or AFP, you can hide the SAS token part of querystring, sp, sv andd sig, as well as the api-version parameter. Those parameters can be passed through the request header.
By doing so, you can use your own custom URL and hide the SAS token. I've written a blog post about this: https://blog.mexia.com.au/securing-sas-token-from-azure-logic-apps