Recently I had to read some REST API data using an Azure Logic App. The data itself comes from AFAS, a Dutch SaaS ERP company. In general, the process is mostly the same as reading the data with Azure Data Factory (check out this blog post to learn more):
There’s a minor difference in how you need to handle the token in Azure Logic Apps, compared with how you do it in ADF. Which is the reason for this blog post.
First, create a new Logic App (of the type consumption, which is basically serverless) with an HTTP trigger.
Since our AFAS token is kept in Azure Keyvault, we’re just going to save the Logic App as-is.
Exit the designer and go to the Identity section. There, enable a system-assigned identity.
We’re going to use this identity to get the secret from Azure Key Vault. But first we need to create an access policy in our vault that grants the necessary permissions to this identity.
In the new access policy, assign the Get and List Secret permissions.
Choose the system assigned managed identity of the Logic App as the principal for the access policy.
Back in our Logic App, add an Azure Key Vault action of the type Get Secret. First you’ll be asked to create the connection to the Key Vault. Make sure to select managed identity as the authentication type.
After connecting, select the desired secret from the dropdown.
As a reminder, the token should have the following format:
<token><version>1</version><data>123</data></token>
Now we can add an HTTP action, which will be used to do the REST API call. The URL should be something like https://xxx.rest.afas.online/ProfitRestServices/connectors/mygetconnector, where xxx is your company code in AFAS. Up to this point, everything is the same as in ADF. In our HTTP request, we also need to specify the token so we can authenticate with the REST service. This is done by specifying an Authorization header, with the content “AfasToken xyz”, where xyz is the base64 representation of the token. In ADF this looks like this (again, check out this blog post for more info):
Let’s try the same in the Logic App.
The following expression is used to set the value for the Authorization header (which is very similar to the ADF expression):
concat('AfasToken ',base64(body('Get_secret')?['value']))
However, when we execute the Logic App, it is possible it fails with an authorization error (which was the case when I initially developed the Logic App). When writing this blog post it obviously succeeded from the first try, so the error is apparently hard to reproduce. Anyway, if you get the authorization error, you might try another method to pass the token. Instead of directly specifying the header, we can add a parameter to the HTTP action. There’s only one available: authentication.
Set it to type Raw, and then specify the expression we used earlier:
This should make the Logic App succeed:
I'm hosting a free webinar at MSSQLTips.com at the 19th of December 2024, 6PM UTC.…
The slides and scripts for my session "Tackling the Gaps & Islands Problem with T-SQL…
Sometimes your Microsoft Entra ID account (formerly known as Azure Active Directory) is added as…
In Azure Data Factory (ADF, but also Synapse Pipelines and Fabric Pipelines), you have a…
I wrote a piece of SQL that had some new T-SQL syntax in it: IS…
I'm very excited to announce I've been selected as a speaker for dataMinds Connect 2024,…