
Custom connector with webhook trigger raises DirectApiAuthorizationRequired when called


I'm building a custom connector on Power Automate and have given it a webhook-based trigger. Similar to the "Use a webhook trigger" tutorial, my goal is for my connector to generate its own webhook URL, register it with my own app when instantiated, and trigger the flow when my app sends a request to the URL.

When I instantiate my trigger in a Power Automate flow, it correctly passes the generated webhook URL to my app once the flow is saved. However, when I send a request to the URL from my end, I get the following HTTP 401 response:

{
    "error": {
        "code": "DirectApiAuthorizationRequired",
        "message": "The request must be authenticated only by Shared Access scheme."
    }
}

If this was an instance of the "When an HTTP request is received" trigger instead, I could resolve this by setting the "Who Can Trigger The Flow?" param to "Anyone":

Screenshot of the "When an HTTP request is received" trigger, showing the "Who Can Trigger The Flow?" dropdown option

Since this is a custom connector, however, no such parameter is available, and I've been unable to find any way to configure the visibility or authorization strategy of the generated webhooks.

Question

Is there any way to make a custom connector's webhooks callable from an arbitrary service? And if not, how can I configure my service so that it's authorized to call the generated webhooks?

Troubleshooting so far

My custom connector passes validation on the Power Automate web editor, and is able to generate and register a webhook URL with my own service. I've tried making the POST request to the webhook URL from several different platforms (my app's server, Postman, etc.) with the same 401 response each time. All results that I've found by googling variants of "power automate custom connector webhook DirectApiAuthorizationRequired" have been about the built-in (non-custom) HTTP connector trigger (eg), were unanswered (eg), or were solved by removing an authentication header (eg) that I'm not using.

Other things I've tried:

  • Reading through the "Troubleshoot common issues with triggers" help page (does not address this behavior)
  • POSTing to the webhook URL with the header Authorization="SharedKey foo:bar", based on the Shared Access docs, to see what would happen. Result: {"error":{"code":"DirectApiInvalidAuthorizationScheme","message":"The provided authentication token is not valid. Only 'basic' or 'bearer' type of token is supported."}} (implying that only Basic or Bearer auth is allowed?)
  • POSTing with Authorization="Basic foo:bar". Result: {"error":{"code":"AuthorizationFailed","message":"The provided authorization header value is not valid."}} (implying that there might be a way to provide valid credentials with basic auth?)
  • POSTing with Authorization="Bearer foobar". Result: {"error":{"code":"OAuthAccessPolicyNotFound","message":"'Authorization' header is not allowed, The OAuth authentication policy is not enabled for the workflow."}} (implying that the Authorization header shouldn't be used at all??)

Solution

  • This turned out to be the fault of my own app.

    Power Automate webhook URLs should be callable without separate authorization, because they authenticate through the included sig URL param. Unfortunately, I had set up my local MySQL column that stored incoming webhook URLs as VARCHAR(255), and even worse, the stored values were being silently truncated (default behavior in older versions of Rails) rather than raising an error. Since Power Automate webhook URLs tend to be longer than 300 characters, the end of each URL was being truncated, and my app was storing an incomplete URL without the sig=... param.

    If future searchers run into similar behavior, make sure that the app receiving the webhook URLs is configured to store the entire URL, and not just the first 255 characters.
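
The failure described in the answer above, and a guard that refuses a callback URL that cannot be stored intact, as an added example that is not part of the original post. The helper names and the sample URL are assumptions made for illustration; the URL is constructed and does not reflect a real Power Automate URL layout.

```ruby
require "uri"

VARCHAR_LIMIT = 255 # column size from the post above

# Constructed sample, not a real Power Automate URL layout: 344 characters,
# with the sig parameter starting after character 255.
SAMPLE_URL = "https://flow.example.invalid/hooks/" + ("a" * 240) +
             "/invoke?api-version=1&sig=" + ("s" * 43)

class WebhookUrlError < StandardError; end

# What a non-strict VARCHAR(255) column does to an over-length value.
def silently_truncate(url, limit = VARCHAR_LIMIT)
  url[0, limit]
end

# Hypothetical helper: returns the URL unchanged if it can be stored intact,
# otherwise raises. max_length is the destination column's capacity
# (nil for an unbounded type such as TEXT).
def validate_callback_url!(url, max_length: nil)
  query = URI.parse(url).query.to_s
  sig = URI.decode_www_form(query).to_h["sig"].to_s
  raise WebhookUrlError, "callback URL has no sig parameter" if sig.empty?
  # A cut that lands inside the sig value leaves a non-empty sig, so the
  # length check on write is what catches that case.
  if max_length && url.length > max_length
    raise WebhookUrlError, "callback URL is #{url.length} chars, column holds #{max_length}"
  end
  url
rescue URI::InvalidURIError, ArgumentError => e
  raise WebhookUrlError, "unparseable callback URL: #{e.message}"
end

if __FILE__ == $PROGRAM_NAME
  [[SAMPLE_URL, nil], [SAMPLE_URL, VARCHAR_LIMIT],
   [silently_truncate(SAMPLE_URL), nil]].each do |url, limit|
    begin
      validate_callback_url!(url, max_length: limit)
      puts "ok      (#{url.length} chars, limit #{limit.inspect})"
    rescue WebhookUrlError => e
      puts "refused #{e.message}"
    end
  end
end
```

Calling the guard with the column's limit before the write turns the silent truncation into an error; MySQL's strict SQL mode has the same effect at the database layer.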