Credits- http://m.alnafsy.com/
Now that we are well acquainted with power apps and creating a microsoft graph custom connector in it, let us familiarize ourselves with the following terms once so that we can proceed to call Microsoft graph API in Power Automate using custome connectors for which we will require to set the criteria in authentication.
Azure API Management Gateway
Custom connectors are supported by Microsoft Azure API Management infrastructure. When a connection to the underlying API is created, the API Management gateway stores the API credentials or tokens, depending on the type of authentication used, on a per-connection basis in a token store. This solution enables authentication at the connection level.
Credits- https://commons.wikimedia.org/wiki/File:Crypto_key.svg
Azure API Authentication
Before using any connector in Azure Logic Apps, Power Automate, or Power Apps, the user needs to create a connection by authenticating to the network service. There are different types of authentication.
- No authentication- No further information is required.
- Basic authentication- The user will provide the user name and password to create the connection.
- API Key- Used by web services. Make sure that you define- Parameter label, Parameter name, Parameter location
- OAuth 2.0 authentication- Available for online connectors. Provides implementations for specific services and prebuilt identity provider templates, when selected, fill in many of the fields that are required by OAuth 2.0.
- Windows authentication- Available only for connections that use on-premises data gateway, when the Connect via on-premises data gateway check box is set on the General tab. When a new connection is created, the user will need to provide Windows credentials for the service and then select one of the installed on-premises gateways.
Azure AD Authentication
Prerequisites
An account on Power Apps Portal, Graph Explorer, Microsoft Azure.
Let's get started!
Step 1: Create a new solution.
- Go to Power Apps maker portal and make sure to be in the correct environment.
- Select Solutions > + New solution and enter the following details.
- Don't navigate away from this page after selecting 'Create'.
Step 2: Use Graph Explorer to test the API.
- Sign in to the Graph Explorer and use it to test the API. Read the permissions and continue if you agree.
- Make sure that GET is selected for the verb, add /insights/used to the URL, and then select Run query.
- You should get a 403 error indicating that Graph Explorer lacks your permission to perform this action.
- Select the Modify permissions tab to grant Graph Explorer permission > Select Sites.Read.All > Consent.
- Read the requested permissions, continue if you agree and select Run query again.
- Start a new browser session tab. Sign in to OneDrive Personal Cloud Storage.
- Select + New and select Word document.
- Enter some test text in the Word file. The document will be saved automatically for you.
- Go back to the Graph Explorer and run the same query again.
- You should now get a response with values. Select the response JSON, right-click, select Copy, and then save it.
Step 3: Register a new application and add permissions.
- Sign in to Microsoft Azure with your user admin credentials.
- Select Show portal menu and then select Azure Active Directory.
- Enter Learn last used connector for Name, enter https://global.consent.azure-apim.net/redirect for Redirect URI, and then select Register.
- Select API permissions and then select + Add a permission.
- Select Certificates & secrets and + New client secret.
- Enter Last used connector action for Description, select In 1 year for Expires, and then select Add.
- Copy the Value and save it for later because it won't be shown again. You will use this user secret when creating the connector.
- Select Overview, copy the Application (Client) ID and save it on a notepad. You'll use this client ID when creating the connector.
Step 4: Create a custom connector.
- Make sure to sign in and be in the right environment in the Power Apps Admin Portal.
- Select Solutions and then select to open the Contoso graph solution that you created in 'Step 1: Create a new solution'.
- Select + New > Other > Custom connector.
- Enter Contoso graph for Connector name, scroll down, enter graph.microsoft.com for Host and /v1.0 for Base URL and select Security.
- Select OAuth 2.0 for Authentication and Azure Active Directory for Identity Provider.
- Paste the ID that you copied from Azure in the Client id field and then paste the Value that you copied from Azure in the Client secret field.
- Enter https://graph.microsoft.com for Resource URL and then select Create connector. Don't navigate away from the page.
Step 5: Add the action.
- Select Definition > + New action.
- Enter Last used for Summary and LastUsed for Operation ID. Go to the Request section and select + Import from sample.
- Select Get for the verb, enter /me/insights/used for URL, and then select Import. Scroll down and select the default response.
- Select + Import from sample. Paste the response that you copied from Graph Explorer in the Body field and then select Import.
- Select Update connector. Don't navigate away from this page.
Step 6: Test the connector.
- Select the Test tab and then select + New connection.
- Provide your credentials. Read the requested permissions and continue.
- Select Refresh connections and Test operation. You should see a 200 status, and the response should look like the image.
Summary
Congratulations! You have now created an environment to call Microsoft Graph API in Power Automate and can proceed to learn more in this area. Do leave your feedback in the comments below. Our next blog will on how to connect Power BI to Microsoft Graph. Stay tuned!
Next Steps
More info on overview of Microsoft Graph
Basics of Power BI