Changing Connections in Connection References on a Managed Solution

A connection reference is a component in a solution that holds information about a connector. It can be used by both a Canvas app and Power Automate flows. When importing a managed solution to an environment, the user is asked to either select an existing connection or create a new one. However, once a managed solution is imported, it cannot be edited as shown below

The solution to this is to use the Default Solution, which is a special solution that holds all the components within the environment.

Go to the Default Solution as shown below

To change a connection in a connection reference:

  1. Go to Connection references
  2. Select the connection reference you want to edit
  3. Click “Edit” button.

Change the connection and then click Save

This will update the connection to a new user.

Do you like this article?

Subscribe to my blog with your email address using the widget on the right side or on the bottom of this page to have new articles sent directly to your inbox the moment I publish them.

How to send an Adaptive card to a Microsoft Teams Private channel using Power Automate flow

Within Microsoft Teams, private channels create focused spaces for collaboration where only the owners or members of the private channel can access the channel. The Microsoft Teams connector in Power Automate has an action to Post an Adaptive card in a chat or channel, which posts an adaptive card as a flow bot to a specific Teams channel. The following error will appear if this action is used to post the card as a Flow bot in the Private channel

Request to the Bot framework failed with error: ‘{“error”:{“code”:”BotNotInConversationRoster”,”message”:”The bot is not part of the conversation roster.”}}’.

The above action will work if the Post as property in the action is changed to User but the creator of this connection has to be a member of the Private channel. This article shows how you can send an Adaptive card to a Private channel using incoming webhooks without being a member of the private channel

Create the Adaptive Card:

An adaptive card facilitates the exchange of UI content in a unified and consistent manner with a simple JSON without the complexity of customizing HTML or CSS. The adaptive card I have used in this example is created from the designer portal. Find below the JSON card payload

{
    "type": "AdaptiveCard",
    "body": [
        {
            "type": "TextBlock",
            "size": "Medium",
            "weight": "Bolder",
            "text": "Adaptive Card in a Private Channel"
        },
        {
            "type": "TextBlock",
            "text": "Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book",
            "wrap": true,
            "color": "Attention"
        }
    ],
    "actions": [
        {
            "type": "Action.OpenUrl",
            "title": "View",
            "url": "https://ashiqf.com"
        }
    ],
    "$schema": "http://adaptivecards.io/schemas/adaptive-card.json",
    "version": "1.4"
}

Create Incoming Webhook on a Private Channel:

Incoming Webhooks allows external applications to share content within Microsoft Teams channels, in this case the cloud will be the external application sending an Adaptive card message to the private teams channel. You can add and configure an incoming webhook on a private channel by following the instructions on this link from Microsoft. Copy the Incoming webhook URL as mentioned in Step 6 from Microsoft documentation as shown below

Cloud Flow to send the Adaptive Card to a Private Teams channel:

The adaptive card JSON and the Incoming webhook is configured, lets create now create a flow with a HTTP action to send the Adaptive card

Step 1:

Form the HTTP request body for the HTTP action. Replace the Text with the JSON payload of the Adaptive card

{
  "type": "message",
  "attachments": [
    {
      "contentType": "application/vnd.microsoft.card.adaptive",
      "contentUrl": null,
      "content": 
	  Replace the ADAPTIVE CARD JSON PAYLOAD from the designer portal
    }
  ]
}

Step 2:

Add the HTTP action to the cloud flow with the following values against each parameter

Method: POST

URL: Incoming Webhook URLBody: from Step 1

Find below the adaptive card in the Private channel

Do you like this article?

Subscribe to my blog with your email address using the widget on the right side or on the bottom of this page to have new articles sent directly to your inbox the moment I publish them.

Send Teams channel message aka proactive message using custom Teams bot and Power Automate – Part 2

In the last post, we have seen till the installation of the Teams App with the Bot on a Microsoft Team. Let us now continue to send a proactive message, be it an Adaptive card or a simple Text message on a Teams channel using Bot Framework REST API from a Power Automate Cloud Flow.

A proactive message is any message sent by a bot that isn’t in response to a request from a user. Ex: Welcome messages, Notifications, Scheduled messages, Broadcast message etc

Power Automate Cloud Flow:

For this blog post, I have used a Power Automate Instant cloud flow with manual trigger to send the message to a Teams Channel. To follow along the blog post, be ready with the following information

  1. Team ID & Channel ID

This information is required to send the proactive message to a Microsoft Team Channel. To get this information, in Microsoft Teams Client identify the Team channel in scope > Click the ellipsis of the channel in scope > Get link to channel as shown below

After decoding the channel link, the url will be in the format as shown in the below image from which you can get the channel Id and Team group ID

If you are building a Teams broadcaster or communicator application using Power Apps, these information can be stored in Table or a SharePoint list. There are Graph API endpoints which can used to get the Channel Id’s etc.

  1. Bot ID [Part 1 – Step 6]
  2. Bot Secret [Part 1 – Step 7]
  3. Teams Service URL

The service URL is the base URI for all Bot framework API requests. In Teams the service URL will change based on user’s region [EMEA, America, APAC, India etc]. This example delivers messages only on the Team channel and not to the users directly so you can choose the service URL based on the Microsoft 365 Tenant Location. Find below some URL’s based on region

RegionService URL
EMEAhttps://smba.trafficmanager.net/emea/
Americahttps://smba.trafficmanager.net/amer/
Indiahttps://smba.trafficmanager.net/in/
APAChttps://smba.trafficmanager.net/APAC/

All the required information is now available to proceed with sending the channel message using REST API.

Generate Access Token – Bot Framework REST API:

There are SDK’s in Bot Framework for programming languages like .NET, JavaScript, Python etc to handle all conversations for you but an alternative to using the SDK is leveraging Bot Framework REST API. The first step in using the different REST API endpoints from Bot Framework is to generate an access token which is then added to the Authorization header of each API request in this format

Authorization: Bearer ACCESS_TOKEN

To request an access, make a HTTP request per the following details

Method: POST

Request URL:

https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token

Content-Type: application/x-www-form-urlencoded

Body:

grant_type=client_credentials&client_id=botId&client_secret=botSecret&scope=https://api.botframework.com/.default

Replace the botId and botSecret with the values stored from the previous steps. The Bot Id and the secret are from the custom Teams app created based on the previous post.

Add a HTTP Action in your Power Automate flow to add the above details for generating the token

The JWT access token is valid for 24 hours, if the token expires make another request.

Send Teams Channel Message:

The Teams Channel conversation post or proactive message on a channel can now be sent using the REST API to Create Conversation with the access token generated in above step.

Simple Text Message:

Find below the HTTP request detail to send a simple proactive message on a Teams Channel. The conversation Id is the Teams Channel Id

Type: POST

Request URL:

https://smba.trafficmanager.net/emea/v3/conversations/teamsChannelId/activities

Replace teamsChannelId (conversationId) with the actual Team channel Id

Body:

{
  "type": "message",
  "text": "Simple Text Message"
}

Authorization Header: Bearer access_tokenvalue

The Authentication of the HTTP action should be set to Raw, the value should be in the format

Bearer access_token

You can use Parse JSON Action to extract the access token from the previous HTTP action HTTP-GenerateBOTToken or you can directly get the value using the following expression

body('HTTP-GenerateBOTToken')?['access_token']

The above HTTP request will create a HTTP response with the activity id which can be potentially used to send a reply etc.

Adaptive Card Message:

Adaptive cards are platform-agnostic snippets of UI authored in JSON that different Microsoft apps and services like Teams, Outlook can use. It can be designed using the Adaptive Card designer portal. To send an Adaptive to a Teams Channel, everything else remains the same when comparted with above give HTTP request for the Simple Text message except the Body as below

{
  "type": "message",
  "attachments": [
    {
      "contentType": "application/vnd.microsoft.card.adaptive",
      "content": {
       "msTeams": {
          "width": "full"
        },
        Replace the ADAPTIVE CARD JSON PAYLOAD from the designer portal
      }
    }
  ]
}

You can get the complete body of request from this Link. This method can be used to send the message on any standard channel but not on Private Teams channel, Microsoft has not opened the possibility to send a channel message on private channel using a Bot. Find below adaptive card message posted on the Teams Channel from the Power Automate flow

Summary:

There are lot of possibilities with the Bot connector service REST API, what I have shown above is only an endpoint to send a message in a Teams Channel. Look at this documentation on the available conversation operations like Reply, Delete, Update conversation etc. Using this approach you can build a Company broadcaster app with the possibility of reaching out to multiple Teams without the user being the member or owner of the Team. If you are visiting my blog for the first time, please do look at my other blogposts.

Do you like this article?

Subscribe to my blog with your email address using the widget on the right side or on the bottom of this page to have new articles sent directly to your inbox the moment I publish them.

Deep Link SharePoint News post in Teams using Adaptive card and Power Automate

Microsoft Teams helps us bring together content from different Microsoft 365 services for easier collaboration. In Microsoft Teams connected SharePoint site, SharePoint News connector would help receive news updates from the site. In this post let us see how to create Notifications about new News post with deep link to the post from a communication site in an Adaptive card on a Teams channel using

  1. Adaptive card
  2. Stage View
  3. Power Automate cloud flow

The users from a Teams channel would be able to read & engage on the News post by click of a button as shown below

Adaptive card:

Adaptive Cards are a platform-agnostic method of sharing and displaying blocks of information using JSON across various host applications like Teams, Outlook, Bots etc. The above adaptive card has following information from the News Post

  1. Title
  2. Description
  3. Banner Image Url
  4. Author Profile picture
  5. Author Name
  6. Published Date
  7. Deep Link to the post

The card can be designed based on your requirements from the Adaptive Card Designer portal. The JSON content of the above adaptive card can be downloaded from here.

Stage View:

Stage View helps provide a seamless experience of viewing content in Teams. Users can view the content without leaving the context thus leading to have a higher engagement. For this post, I have used stage view through deep link for a SharePoint News post. Find the syntax below to deep link SharePoint News post

https://teams.microsoft.com/l/stage/teamsAppId/0?context={"contentUrl":" newsPostPageUrl","websiteUrl":"newsPostPageUrl","name":"Internal News"}

In the above syntax replace teamsAppId, newsPostPageUrl & title which I have named as Internal News.

teamsAppId: 2a527703-1f6f-4559-a332-d8a7d288cd88

newsPostPageUrl: The url of the News post in SharePoint.

In the adaptive card action set OpenUrl the following from the stage view syntax should be encoded

{
  "contentUrl":" newsPostPageUrl",
  "websiteUrl":"newsPostPageUrl",
  "name":"Internal News"
}

I have also tested stage view for Microsoft forms & Power BI. You can find the app id for other Microsoft 365 service here on this link

https://docs.microsoft.com/en-us/graph/teams-configuring-builtin-tabs

Power Automate cloud flow:

The Cloud flow is used to send an adaptive card to a Teams channel with the SharePoint News post deep link whenever there is a new News post published in a Communication site.

Step 1: Let us start with creating the Automated cloud flow with SharePoint trigger When an item is created or modified. In the trigger, the Site Address should be url of the communication site and the List Name as the Site Pages Library GUID as shown below

Step 2: In the trigger settings enter the following trigger condition to fire only on the first major version of the News Post

@and(equals(triggerOutputs()?['body/PromotedState'],2),contains(triggerOutputs()?['body/{VersionNumber}'],'1.0'))

For more information on trigger conditions for SharePoint online, go through this blog post.

Step 3: The compose action Compose-StageViewURL with the following code

{
  "contentUrl": "@{triggerOutputs()?['body/{Link}']}",
  "websiteUrl": "@{triggerOutputs()?['body/{Link}']}",
  "name": "Internal News"
}

The trigger output Link should have the url of the News post.

Encode the content in the compose action Compose-StageViewURL using the expression encodeUriComponent() and form the remaining part of the URL.

https://teams.microsoft.com/l/stage/2a527703-1f6f-4559-a332-d8a7d288cd88/0?context= @{encodeUriComponent(outputs('Compose-StageViewURL'))}

on another compose action Compose-StageViewURL-Encoded.

Step 4: Add the action Get user photo to display the picture of the author in the adaptive card. The User (UPN) property of the action can be provided from the trigger output Created By Email. The next step is to convert the output of the Get user photo action to Base64 encoded string using the following expression

concat('data:',body('Get_user_photo_(V2)')?['$content-type'],';base64,',body('Get_user_photo_(V2)')?['$content'])

Step 5: Add the action Post Adaptive card in a chat or channel as shown below

In the adaptive card JSON, find below the mapping information of each property from the output of trigger or action

  1. Title: {triggerOutputs()?[‘body/Title’]
  2. Description: triggerOutputs()?[‘body/Description’]
  3. Banner Image Url: triggerOutputs()?[‘body/BannerImageUrl’]
  4. Author Profile picture: outputs(‘Compose-Base64ProfilePic’)
  5. Author Name: triggerOutputs()?[‘body/Author/DisplayName’]
  6. Published Date: formatDateTime(triggerOutputs()?[‘body/Created’], ‘g’)
  7. Deep Link to the post: outputs(‘Compose-StageViewURL-Encoded’)

The export version of the flow can be downloaded from this GitHub link.

Summary:

The adaptive card with stage view to a SharePoint News post allows the users to open and view the content without leaving the context. The user can also Like or Comment on the News post. Hope you have found this informational & thanks for reading. If you are visiting my blog for the first time, please do look at my other blogposts.

Do you like this article?

Subscribe to my blog with your email address using the widget on the right side or on the bottom of this page to have new articles sent directly to your inbox the moment I publish them.

Get deleted SharePoint site details using Microsoft Graph API

The deleted sites are retained for 93 days and an Admin can restore them. In this blog post let us see how to get the deleted SharePoint site details using Microsoft Graph API application permission.

Step 1: Register an application in Azure AD and obtain the client id, client secret & tenant id for the registered application. Add Sites.Read.All Microsoft Graph application permission

Step 2: Find the list GUID of the Hidden List DO_NOT_DELETE_SPLIST_TENANTADMIN_ALL_SITES_AGGREGA which has all the deleted site information from the tenant.

Make a GET request to the following Graph API endpoint with the token generated from the above AD app using PostMan or using Graph Explorer if you are an Global or SharePoint administrator

https://graph.microsoft.com/v1.0/sites/tenantName-admin.sharepoint.com/lists

Replace the tenantName with name of your tenant from the above URL

Step 3: Graph API to list all Deleted Sites within the tenant

https://graph.microsoft.com/v1.0/sites/tenantName-admin.sharepoint.com/lists/1dd71312-bceb-48bb-b853-7c0d33ac5618/items?$expand=fields

Make a GET query after replacing the tenantName and the list GUID of DO_NOT_DELETE_SPLIST_TENANTADMIN_ALL_SITES_AGGREGA from Step 2.

You can filter from different fields available [Title, SiteUrl etc]. To filter based on SharePoint site URL

https://graph.microsoft.com/v1.0/sites/tenantName-admin.sharepoint.com/lists/1dd71312-bceb-48bb-b853-7c0d33ac5618/items?$expand=fields&$filter=fields/SiteUrl eq 'https://tenantName.sharepoint.com/sites/siteName'

Step 4: To do this from Power Automate or Azure logic app, follow this post

https://ashiqf.com/2021/03/16/call-microsoft-graph-api-as-a-daemon-application-with-application-permission-from-power-automate-using-http-connector/

There are activity alerts which you can setup from Security center for Deleted Site but it will send you information on the Site URL and the name of the user deleted the site, as of now it does not provide the Title, Site ID etc. So this API can provide you additional details. Hope you have found this informational & thanks for reading. If you are visiting my blog for the first time, please do look at my other blogposts.

Conditional Power Automate flow triggers for SharePoint Online Pages and NEWS Post

SharePoint Online Pages library is a container for different type of pages (News post, Page, Space, News Link) created in a Communication or Team site. There can be various scenarios to have a Power Automate Flow associated to a SharePoint Site pages library to handle additional processes after a Page or a News post is published. In this blog post, let us see how to

  1. Trigger the flow if a News post is published
  2. Trigger the flow only for Major versions
  3. Trigger the flow for a specific Content Type
  4. Avoid infinite trigger loop on an Item Created/Modified trigger if a page/list item is updated by the flow

using Trigger Conditions. Trigger conditions can be used on a trigger to stop your Automated Flow from running if the conditions are not met. Unnecessary flow runs can spend your quota limits based on the license types without providing any value. To begin with, create an automated cloud flow with the SharePoint trigger When an item is created or modified and configurations for the Site Pages Library. Once you provide the Site URL where your Site Pages library exists, you will notice the Site Pages library doesn’t show in the drop-down. In the List Name property, just provide the guid of the library instead.

To get the guid, browse to the Site Pages library on the SharePoint site, go to Library settings and select the value after the List= parameter on the URL after decoding.

Trigger the flow if a News post is published

There can be scenarios to trigger the Flow when a News post is created or modified. A SharePoint property PromotedState can help identify if the SharePoint page is a News post or a normal page since all the different types of pages are stored in the same library.

LabelValueWhat it means
NotPromoted0Regular Page
PromoteOnPublish1News post in draft mode
Promoted2Published News post

The trigger condition will make sure the trigger is fired only when ever there is a News Post is published or Saved as draft (All Major and Minor versions).

@equals(triggerOutputs()?['body/PromotedState'],2)

Now add the above trigger condition in the settings of the trigger as shown below

The above trigger condition will have the flow triggered for all major versions (1.0, 1.1 .. 2.0, 2.1, ..).

There can be multiple trigger conditions which accepts Boolean value (True or False), all conditions must be True for the trigger to fire.

To trigger the flow only on first Published version of the flow, add the following trigger condition.

@and(equals(triggerOutputs()?['body/PromotedState'],2),equals(triggerOutputs()?['body/{VersionNumber}'],'1.0'))

To trigger the flow only on major versions and on News post, add the following trigger condition

@and(equals(triggerOutputs()?['body/PromotedState'],2),contains(triggerOutputs()?['body/{VersionNumber}'],'.0'))

Trigger the flow only for Major versions

The following trigger condition will make sure to fire only for Major versions (1.0, 2.0, 3.0 etc) and not for minor versions aka draft version (0.1, 0.2 etc)

@contains(triggerBody()?['{VersionNumber}'],'.0')

Trigger the flow for a specific Content Type

Content types in SharePoint are a set of columns that are grouped together to serve a specific type of content (Crisis News, Marketing News etc). A Page or a News post in a SharePoint site can be associated with content types. The trigger condition for the flow to be triggered only for a specific content type is

@equals(triggerOutputs()?['body/{ContentType}/Name'], 'Name of the Content Type')

Avoid infinite trigger loop on an Item Created/Modified trigger if a page/list item is updated by the flow

In your Automated cloud flow, if you have the Created or Modified trigger with an action to update the same item then there will be an infinite trigger loop.

The Flow checker will provide you a warning Actions in this flow may result in an infinite trigger loop. To overcome the above warning, trigger condition to the rescue.

How it will be done

The update item action on the flow should use a different connection (Service Account) in the flow, other than the user who will be using the site to create or update pages. The trigger condition will make sure the flow run will not happen if the update to the Page or News post is done by the service account using the Update item action. SharePoint Library and List has the out of the box column Modified By which holds the information on who has recently updated the item be it from the SharePoint UI or through program. The trigger condition will be written based on this column Modified By, if the column value has a different value other than the service account then the flow will be triggered.

Step 1: Create a service account with password never set to expire. Licenses are not required for this account if the flow connection is going to be used only on SharePoint connectors. Password setting Never Expires will make sure the connection is not invalidated due to a password change on the account.

Step 2: Grant edit access for the service account to the SharePoint site. This step allows the account to updates to the List or Library item.Step 3: Add a new connection to the service account

Step 4: Add the following trigger condition to the SharePoint trigger if the service account does not have an Exchange Email License

@not(equals(triggerOutputs()?['body/Editor/Claims'],'i:0#.f|membership|serviceaccountupn@domain.com'))

Replace the serviceaccountupn@domain.com with actual UPN of the service account.

If the service account has email address or a license to email service, then the trigger condition should be

@not(equals(triggerOutputs()?['body/Editor/Email'],'serviceaccountemail@domain.com '))

Tip to write the trigger condition:

Before adding the condition to the trigger, evaluate the condition on a compose action using expressions and data fields selected from Dynamic content.

After the condition is added on the compose action, click Peek code

Copy the expression from the inputs parameter

The condition to be added on the trigger must be True for the trigger to fire.

Summary:

Trigger conditions are powerful if used wisely to avoid unnecessary runs. I’ve shown some examples from the SharePoint pages library but it can be used on List trigger as well. The trigger can be written based on any data available on the trigger output. Hope you have found this informational & thanks for reading. If you are visiting my blog for the first time, please do look at my other blogposts.

Do you like this article?

Subscribe to my blog with your email address using the widget on the right side or on the bottom of this page to have new articles sent directly to your inbox the moment I publish them.

Create a Power Automate custom connector from Postman V2 Collection

Postman collections makes the creation of custom connectors in Power Automate easier & quicker. As of time I am writing this article, to create a custom connector using Postman collection in Power Automate the version of Postman collection has to be V1. The current version of collections exported from Postman is V2. There is a NPM package by the name Postman Collection Transformer to rescue which helps converting the collection to V1 and vice versa.

Pre-Requisites:

Step 1: Install the NPM package postman-collection-transformer using the following command

npm install -g postman-collection-transformer

Step 2: Generate the Postman collection from Postman

Step 3: Run the following command to generate the V1 collection. For more information on the NPM package go through this link.

postman-collection-transformer convert --input ./Postman_collection-V2.json --input-version 2.0.0 --output ./Postman_collection-V1.json --output-version 1.0.0 --pretty --overwrite

Step 4: V1 Postman collection is ready, you can now proceed with the creation of custom connector in the flow portal.

As pointed out by Richard Wilson, there are third party portals (Requires Registration) available which helps in converting the format of the Postman collection.

Hope you have found this informational & thanks for reading. If you are visiting my blog for the first time, please do look at my other blogposts.

Do you like this article?

Subscribe to my blog with your email address using the widget on the right side or on the bottom of this page to have new articles sent directly to your inbox the moment I publish them.

How to use form-data and form-urlencoded content type in Power Automate or Logic Apps HTTP action

Content type multipart/form-data is used to send both text and binary data to the server and x-www-form-urlencoded is used more generally used to send text data in a query string in the form of name value pairs separated by ampersand. In this blog post, let us see how to use the content-type

  • multipart/form-data
  • x-www-form-urlencoded

in a Power Automate or Logic apps HTTP action to post data with an API which has implemented the content-type. Find below the screenshot from postman with a sample API

multipart/form-data in HTTP Action:

From the above screenshot, the API is called using the content type multipart/form-data. The multipart refers to the data (in the above screenshot it is To, From & Body) which is divided into multiple parts and sent to server. For each key value pair aka part, you will have to construct something like

{
      "headers": {
        "Content-Disposition": "form-data; name=\"KEY\""
      },
      "VALUE": "what ever value you would like to send"
}

Backslash is used close the Content-Disposition header value else you will get Invalid-JSON.

To call the API displayed from the above screenshot on the HTTP Action, the body of the HTTP action should have the two attributes $content-type and $multipart as shown below

{
  "$content-type": "multipart/form-data",
  "$multipart": [
    {
      "headers": {
        "Content-Disposition": "form-data; name=\"To\""
      },
      "body": "whatsapp:+123456"
    },
    {
      "headers": {
        "Content-Disposition": "form-data; name=\"From\""
      },
      "body": "whatsapp:+178910"
    },
    {
      "headers": {
        "Content-Disposition": "form-data; name=\"Body\""
      },
      "body": "Your appointment is coming up on July 21 at 4PM"
    }
  ]
}

You can upload files using the form-data content type

{
      "headers": {
        "Content-Disposition": "form-data; name=\"file\"; filename=\"fileName.png\""
      },
      "body": "file-content"
}

The file content can be the output of the SharePoint or OneDrive connector.

x-www-form-urlencoded in HTTP Action:

The x-www-form-urlencoded content type has its form data which is encoded and sent in a single block on the HTTP request body. To call the sample API from the screenshot posted at the top of this post in the HTTP Action, the form values must be encoded & the values be separated by ampersand. Expression encodeUriComponent can be used to encode the form values

Headers:

Key: Content-Type

Value: application/x-www-form-urlencoded

Body (Separated by &):

Key=Value&Key=Value

Find below screenshot for your reference

Hope you have found this informational & thanks for reading. If you are visiting my blog for the first time, please do look at my other blogposts.

Do you like this article?

Subscribe to my blog with your email address using the widget on the right side or on the bottom of this page to have new articles sent directly to your inbox the moment I publish them.

Call a SharePoint REST API as an Application in Power Automate HTTP Connector

SharePoint connector in Power Automate is very rich with various actions that can make the developers or makers life simple when it comes to interacting with SharePoint data. There might be some actions like

  • Breaking permission to a list item
  • Creating a site
  • Adding user to a SharePoint group etc

which is not possible through the SharePoint standard connector or MS Graph API as of the time I am writing this article, SharePoint REST API to rescue. The SharePoint online REST API enables developers to remotely interact with SharePoint data. There is an action Send an HTTP request to SharePoint which could come handy in many scenarios, the point to note here is the action uses the context of user aka flow creator while executing the API. In this blogpost, let us see how to call a SharePoint REST API to create a Modern SharePoint communication site as an application in a Power Automate cloud flow using the HTTP connector with the help of a Self-Signed certificate. Find below the list of steps to enable calling the SharePoint REST API using certificate credentials

  1. Creation of Self-Signed certificate
  2. Application Registration in Azure AD Portal
  3. Creation of Power Automate cloud flow with the HTTP Connector
    • Method 1: Without using Azure Key Vault
    • Method 2: Azure Key Vault to store Certificate

Pre-Requisites:

Creation of Self-Signed certificate:

The first step is to create a certificate. Refer to this blog post for instructions creating a self signed certificate using the PnP utility

https://ashiqf.com/2021/07/05/call-microsoft-graph-api-using-a-certificate-in-a-power-automate-http-connector#self-signed-certificate

Application Registration in Azure AD Portal:

Register an application in Azure AD and obtain the client id & tenant id for the registered application. In this example I have added the Sites.Read.All Application permission with Admin Consent to create the SharePoint communication site, this permission is more than enough to create the site as an Application. Grant appropriate permission based on the requirements, for e.g to break permission on list items grant Sites.Manage.All. Find below screenshot for your reference for granting permissions

To add the above created self-signed certificate, click Certificates & secrets under the Manage blade. Click Upload certificate > Select the certificate file MSFlow.cer > Add

Creation of Power Automate cloud flow with the HTTP Connector:

Let us see below how to access the SharePoint REST API to create a SharePoint site with & without using the Azure Key Vault.

  1. Method 1: Without using Azure Key Vault
  2. Method 2: Azure Key Vault to store Certificate

Method 1: Without using Azure Key Vault

In the cloud flow, add a Compose action to store the PfxBase64 value copied during the creation of the certificate. Now add the HTTP action to create a Modern Communication site

Request Type: POST

URL: https://tenantname.sharepoint.com/_api/SPSiteManager/create

Headers:

Key: accept

Value: application/json

Body:

{
  "request": {
    "Title": "Communication Site from Cloud Flow",
    "Url": "https://tenantname.sharepoint.com/sites/commsitefromPA",
    "Lcid": 1033,
    "ShareByEmailEnabled": false,
    "Description": "Description",
    "WebTemplate": "SITEPAGEPUBLISHING#0",
    "SiteDesignId": "6142d2a0-63a5-4ba0-aede-d9fefca2c767",
    "Owner": "UPNoftheSiteAdministrator@domain.com",
    "WebTemplateExtensionId": "00000000-0000-0000-0000-000000000000"
  }
}

Change the SiteDesignId for the different site teamplate Topic, Showcase, Blank

Authentication: Active Directory OAuth

  • Tenant: TenantId
  • Audience: https://tenantname.microsoft.com
  • Client ID: Azure AD Client Id
  • Pfx: Output of the compose action
  • Password: Certificate password given during the creation

Find below screenshot for your reference

Run the flow, it should be able to create the Site. Find below screenshot of the flow run

Method 2: Azure Key Vault to store Certificate

Azure Key Vault is a cloud service for storing and accessing secrets enabling your applications accessing it in a secure manner. Follow my blog article which I have written to call a Microsoft Graph API with Certificate using a Azure Key Vault to store the certificate

https://ashiqf.com/2021/07/05/call-microsoft-graph-api-using-a-certificate-in-a-power-automate-http-connector/#azure-key-vault

Summary:

Custom Connector can be used to call a SharePoint REST api in the context of the user. If you are visiting my blog for the first time, please do look at my other blogposts.

Do you like this article?

Subscribe to my blog with your email address using the widget on the right side or on the bottom of this page to have new articles sent directly to your inbox the moment I publish them.