Blog Post

Azure Integration Services Blog
2 MIN READ

Generating Webhook Action Callback URL with Primary or secondary Access Key

Ibrahim_Ali81's avatar
Ibrahim_Ali81
Icon for Microsoft rankMicrosoft
May 05, 2025

Issue:
In case of having logic app with Webhook action, Regenerating Logic App primary access key will invalidate this logic app’s Webhook action callback SAS URLs that were already generated in the in-progress logic app runs, and it will cause these runs to be stuck waiting the callback, while the service to which webhook action subscribed will fail with the following error to send the callback to the callback URL  that became invalid after access key regenerating

{

"error": {

"code": "AuthorizationFailed",

"message": "The authentication credentials are not valid."

}

}

Cause:

The default behavior is to sign Webhook action callback URL using logic app primary access key

Resolution:

Editing the webhook action in logic app code view by adding accesskeyType as part of the   “inputs” property, you can add either “accessKeyType”: “Primary” or “accessKeyType”: “Secondary” as clarified in the code snip below

{

 "type": "HttpWebhook",

 "inputs": {

   "subscribe": {

     "method": "POST",

     "uri": "https://prod-123.westeurope.logic.azure.com:443/workflows/8197704921534015b6f556752bde0b77/triggers/When_a_HTTP_request_is_received/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2FWhen_a_HTTP_request_is_received%2Frun&<removed sig and sv>",

     "body": "@listCallbackUrl()"

   },

   "accessKeyType": "Secondary"

 },

 "runAfter": {}

}
 

 

More Information:

 Having accessKeyType property will help to plan access key regenerating and comply with security recommendation below, so you can plan access key Regenerating for the access key type that doesn't have in progress logic app run and using this access key type for new logic app runs while planning the other access key type regenerating when the related in progress logic app runs are complete:

"To maintain security and protect access to your logic app workflow, regenerate access keys on a regular schedule as they might need to comply with security policies or become compromised. This way, you can make sure that only authorized requests can trigger your workflow, which protects your data and processes from unauthorized access."
Related Documentation:

 regenerate access keys

Subscribe and wait for events in workflows - Azure Logic Apps | Microsoft Learn

 

 

Updated May 05, 2025
Version 1.0
logic apps
No CommentsBe the first to comment