Using Single Tenant Logic App workflow endpoint as Event Grid Subscription

Published Jan 19 2022 10:41 PM 1,723 Views
Senior Member

As we all know, the Logic App endpoints are one of the Event Grid subscribers to handle the events from either System or Custom Event Grid Topics. In Consumption Logic App, we had an option to choose the Logic Apps from drop down or using the Webhook URL provided with endpoint URL but it isn't in in case single tenant Logic App at the time of writing this article. If you would like to use the single-tenant LogicApp  workflow endpoints as Event Grid Subscribers, we need to explicit perform the subscription handshake validation. Let see what errors we see while creating subscription with Single-Tenant LogicApp endpoints and how to implement explicit subscription handshake validation as documented here below.


In short, when an endpoint (Subscriber) need to act like Event Grid Subscriber to handle the events, it must first validate the Subscription handshake (Validation) to agree that its accepting to receive the events. In this validation Event Grid sends a validation request to the endpoint (Subscriber) and subscriber needs to accept the invite and sends the acceptance back to the Event Grid Publisher. Then the Publisher/Topic will send the events to the endpoint.


In case of consumption Logic App, it has been implemented internally to accept the validations by default and doesn't need any explicit handshake validation as specified above. Where Single-Tenant Logic App must perform an explicit handshake validation. Please check details below on the same.


Standard Logic App Workflow endpoint URL as Event Grid Subscription:

  • If you don't have the handshake implemented in single-tenant Logic App workflow and try to provisioning the Event Grid subscription with the webhook URL provided with workflow endpoint URL, you will get the below error.

Error: Deployment has failed with the following error: {"code":"Url validation","message":"Webhook validation handshake failed for Http POST request retuned 2XX response with response body . When a validation request is accepted without validation code in the response body, Http GET is expected on the validation url included in the validation event(within 10 minutes). For troubleshooting, visit Activity id:d0eb08b7-8b8f-4e69-8bbe-42644345a05e, timestamp: 6/5/2021 10:50:59 AM (UTC)."}


  • You will see the workflow receiving a request for the above failure which has the details of Subscription Validation Event.



    "id": "fe464e0d-645b-4ad4-91b9-a69ab838bc5a",

    "topic": "/subscriptions/{YourSubscriptionId}/resourceGroups/{ResourceGroupName}/providers/Microsoft.EventGrid/topics/LAStandardEventGridTopic",

    "subject": "",

    "data": {

      "validationCode": "E2D26E49-82E1-432E3-EEE-ERTS",



    "eventType": "Microsoft.EventGrid.SubscriptionValidationEvent",

    "eventTime": "2021-06-05T10:50:58.4926037Z",

    "metadataVersion": "1",

    "dataVersion": "2"



  • Explicit Handshake Validation:  To perform explicit hand shake validation, we need to edit the workflow which acts like subscriber to send the retrieved validation code in response as below. Further, you can implement conditional statement to handle the event grid subscription validation and business logic having a check on EventType (
    or existence of Validationcode (IsValidationCode present?) etc..


Response action:


  "validationResponse": @{triggerBody()[0]?['data']?['validationCode']}






Event Grid topics won't be able to deliver the events on private endpoints. Hence if you have Logic App enabled with Private Endpoint, you wouldn't be able to use the workflow endpoints as event grid subscriptions. Check more details 


Feel free to let me know if you have any issues or suggestions.


Version history
Last update:
‎Jan 18 2022 07:34 PM
Updated by: