Azure Logic Apps - HTTP Listener - azure

I am working on Logic Apps with an HTTP Listener and tried the option below rather than creating an API Controller, referring to the URL below:
https://azure.microsoft.com/en-us/documentation/articles/app-service-logic-http-endpoint/
I created a Logic App with "HTTP Request" and do the processing and send the response back to caller. It is working as expected.
But one thing I just wanted to know is: when I create the HTTP Request, it provides a default URL like the one below:
https://prod-****.logic.azure.com:443/workflows/*******69a5b764/triggers/request/run?api-version=2015-08-01-preview&sp=%2Ftriggers%2Frequest%2Frun&sv=1.0&sig=*****2MCOoTKZU
Shall we define a custom URL instead of the default one, like below?
Please advise.

There are two different approaches you can use to hide the original Logic App URL:
Using Azure API Management (APIM)
Using Azure Functions Proxy (AFP)
Through APIM or AFP, you can hide the SAS token part of the query string (sp, sv and sig) as well as the api-version parameter. Those parameters can be passed through the request header.
By doing so, you can use your own custom URL and hide the SAS token. I've written a blog post about this: https://blog.mexia.com.au/securing-sas-token-from-azure-logic-apps
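The mapping such a proxy layer performs, as an added example that is not part of the original answer or the linked blog post: the SAS parameters are split off the portal-generated URL once, held server-side, and re-attached on the backend hop while any client-supplied copies are dropped. The sample URL and signature are constructed, and this variant keeps the parameters in the query string on the proxy-to-Logic-App hop, as in the default URL above.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameters the answer says to keep out of the public URL.
HIDDEN_PARAMS = ("api-version", "sp", "sv", "sig")

# Constructed sample in the shape of the trigger URL quoted in the question.
SAMPLE_TRIGGER_URL = (
    "https://prod-00.example.logic.azure.com:443/workflows/0123abcd"
    "/triggers/request/run?api-version=2015-08-01-preview"
    "&sp=%2Ftriggers%2Frequest%2Frun&sv=1.0&sig=CONSTRUCTED_SIG"
)

def split_trigger_url(trigger_url):
    """Split the portal-generated URL into (backend_base, hidden_params)."""
    parts = urlsplit(trigger_url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    hidden = {k: query[k] for k in HIDDEN_PARAMS if k in query}
    if "sig" not in hidden:
        raise ValueError("trigger URL carries no sig parameter")
    base = urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    return base, hidden

def build_backend_url(base, hidden, client_query=""):
    """URL the proxy calls: client parameters plus the stored SAS values.

    Client-supplied copies of the hidden parameters are dropped, so a caller
    cannot override the signature the proxy holds.
    """
    client = [(k, v) for k, v in parse_qsl(client_query, keep_blank_values=True)
              if k not in HIDDEN_PARAMS]
    return base + "?" + urlencode(client + list(hidden.items()))

if __name__ == "__main__":
    base, hidden = split_trigger_url(SAMPLE_TRIGGER_URL)
    print(build_backend_url(base, hidden, "orderId=42&sig=from-client"))
```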

Related

Azure POST request redirect using Azure services

Hello, I am trying to deploy my Azure Machine Learning pipeline with a REST endpoint. My problem is that I was able to generate an endpoint but it has some sensitive information in it (ex: subscription id, resource group, etc). How can I generate a URL that forwards the request body to my Azure ML REST endpoint?
Also, here is an approach I've tried:
Used Application Gateway Redirect (this approach didn't forward the request body. It instead turned my POST request into a GET request when it redirected to the correct URL.)
The issue is raised because of some of the default security headers dependent on REST API and web based. Need to set the REST API CSP HEADER. Check the request and response headers in config file of the web application.

Logic App issue with webhook callbacks coming from some unrecognized IP ranges

We are using Azure Logic Apps with webhooks.
The webhooks are calling some APIs (service fabric backend - but this shouldn't matter) via Azure APIM.
On completing the specific job, the APIs call the Logic App's webhook callback - just by the book.
On the other hand, there is an IP range limitation set up on the LA's triggers.
Everything was working fine until recently - for just some of our environments, sometimes the callback call from the APIs fails - apparently because the IP is not recognized by the Logic App.
First question: why (is) the restriction applied also for callbacks - those are not actual triggers?
Second question: how is it possible that the callbacks still work in some of our environments, having the same restrictions applied.
As for the IP Restrictions, the gateway through which all incoming requests are processed is the same for both the Request Connector and the HTTP WebHook Connector. While you may be using the action here, there is a WebHook Trigger that works in a similar fashion but as a trigger instead.
Why you are getting failures at times would depend on how requests are being routed from your APIs to Logic Apps. One way to ensure access just from a single IP is to route these callbacks to APIM and let APIM forward the request to your Logic Apps. This way, all requests to your Logic Apps would be coming from APIM.
To route the callback requests through APIM, you will need a special API/Operation in APIM that will forward requests to the URL passed in the header or a query parameter.
So instead of directly calling the callback URL, you will call this APIM endpoint with the callback URL in a custom header or as a query parameter. The APIM policy for this operation will use the set-backend-service and rewrite-uri policies to forward this call to the logic apps endpoint.
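A forwarding operation that takes its destination from a caller-supplied header will relay to any URL unless the destination is checked first. The check below is an added example, not part of the original answer; the header name X-Callback-Url is hypothetical, and the allowed host suffix is an assumption taken from the trigger URL format shown earlier on this page.

```python
from urllib.parse import urlsplit

ALLOWED_HOST_SUFFIX = ".logic.azure.com"  # assumption, from the page's trigger URL
CALLBACK_HEADER = "X-Callback-Url"        # hypothetical header name

def is_allowed_callback(url):
    """True only for https URLs on a Logic Apps host, default port, no userinfo."""
    try:
        parts = urlsplit(url)
        port = parts.port            # raises ValueError on a malformed port
    except ValueError:
        return False
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or port not in (None, 443):
        return False
    if parts.username is not None or parts.password is not None:
        return False                 # userinfo would make the real host differ
    # Suffix match on a dot boundary, with at least one label in front of it.
    return host.endswith(ALLOWED_HOST_SUFFIX) and len(host) > len(ALLOWED_HOST_SUFFIX)

def forward_target(headers):
    """Return the callback URL to forward to, or raise if it must be refused."""
    url = headers.get(CALLBACK_HEADER, "")
    if not is_allowed_callback(url):
        raise PermissionError("callback URL is not an allowed Logic Apps endpoint")
    return url

# Constructed sample inputs: one valid callback and several that must be refused.
SAMPLES = [
    "https://prod-00.example.logic.azure.com:443/workflows/0123abcd/runs/1?sig=X",
    "http://prod-00.example.logic.azure.com/workflows/0123abcd/runs/1",
    "https://prod-00.logic.azure.com.example.net/cb",
    "https://prod-00.example.logic.azure.com@example.net/cb",
    "https://prod-00.example.logic.azure.com:8443/cb",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(is_allowed_callback(sample), sample)
```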

Calling Azure CDN Purge's REST API from Flow returns Unauthorized

I want to purge an Azure CDN endpoint from Microsoft Flow. The CDN Profile's Pricing Tier is Standard Verizon.
I have created a Microsoft Flow with an HTTP - HTTP action.
I used a URL generated by the tool shown by clicking on Try it on https://learn.microsoft.com/en-us/rest/api/cdn/endpoints/purgecontent and filling the necessary fields.
I want to purge all CDN content so I put the following as a body (I hope this is the right way as the official docs were silent about this use case).
{
  "contentPaths": [
    "/*"
  ]
}
I have created a Registered application in the Azure Active Directory and used that to fill in Active Directory OAuth fields of the HTTP - HTTP action. I presume that the OAuth authentication is succeeding as if I put wrong values in any of the fields I get a respective error message.
So the HTTP - HTTP action is filled as on the following image. The image mostly shows where I got the values I used on the real flow.
When I run the flow it fails and shows just Unauthorized. inside the failed HTTP - HTTP action.
I have tried to add the app as a Contributor role of the CDN Profile but the error stayed the same.
How to get it working?
According to the error message, it seems that you missed the access token in the request.
If you want to generate the token for your Azure AD app (service principal), you could refer to this article and the thread of generating the access token via postman.
Also, you could try to add the app as a role in the logic app.

Call Azure Function with ServiceBusTrigger via HTTP throws InvalidOperationException

In our deployed environment, we will have an Azure Function that is triggered via ServiceBus, which is great. But for local testing, I want to be able to make use of the following advice from the following article:
For all kinds of functions other than HTTP triggers and webhooks, you can test your functions locally by calling an administration endpoint. Calling this endpoint with an HTTP POST request on the local server triggers the function. You can optionally pass test data to the execution in the body of the POST request. This functionality is similar to the Test tab in the Azure portal.
However, when I do said post request to localhost:7071/admin/functions/NameOfMyFunction, the following exception gets thrown from within the Azure code:
System.InvalidOperationException: 'No authentication handler is configured to authenticate for the scheme: ArmToken'
For functions with ServiceBusTrigger on them, is there some Authentication header that I need to put on this test HTTP post?
It is odd that you get that error. Based on my test, there is no need to add an authentication header for it. I tested it with VS 2017, and it works correctly on my side.
The following are my detailed steps, which you could refer to:
1. Create an azure function app and add service bus trigger.
2. Test it with postman
post localhost:7071/admin/functions/{functionName}
body
{"input":"Service Bus Message"}
Console output:

Using Logic Apps with HTTP header hosted under Azure API Management

We have an API exposed to our customers through API Management. The security is handled using a subscription key which is expected in the "Ocp-Apim-Subscription-Key" header.
One of our methods supports polling trigger specifications, with "Location" and "Retry-After" headers in the response. For one of our customers we want to create Logic Apps that would fire some actions on this trigger.
We set up an HTTP trigger where we provided the "Ocp-Apim-Subscription-Key" header in the input parameters.
Here is the problem. The header is added only to the first request. Subsequent requests using "Location" url don't have this "Ocp-Apim-Subscription-Key" header, so they are rejected by API Management proxy.
I verified that header is in fact missing with some mock API, so it's definitely on Logic Apps end.
Does anyone have any idea how to resolve it?
