Trying to use PATCH with Microsoft HTTP
I've been trying to get a HTTP request using the Microsoft connector to work for a while now and I've been having problems with the Authorization and Subscription Key. I have read the Tutorial a dozen times and it has some confusing parts when you are using it in Power Automate. I am NEW to this token stuff.
I got a token from Postman which I know expires after 60 minutes, I'll deal with refreshing the token after I figure this out.
In the Authorization line after Bearer is my token from Postman. Nothing added to it although I did read that maybe I needed to add this: The value must have the format: Basic <base 64-encoded Application ID:Application secret> I tried adding that and still didn't work.
Then in my Bb-Api-Subscription-Key Compose is my key from my application. It's not encoded.
I'm currently getting the error “Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription.”
Comments
-
@Carol Grant
This is my HTTP PATCH:
this is what authorization token should look like: (i changed out some of the alphanumeric so this isn't real, but want you to see what the token looks like)
eyJhbGciOiJnYWxlbnRpdHluYW1lIjoEVjZzVkxIM0FtU1JTbUZqMk04Wm5wWHU3WSIsInR5cCI6IkpXVCJ9.eyJhcHBsaWNhdGlvbmlkIjoiZDNjZThlYzQtYTk2Ny00Mjk5LTljMmMtNzI4MWNlZWU3NmZlIiwiZW52aXJvbm1lbnRpZCI6InAtaHpwbVA2dGFrVXIiwiZW52aXJvbm1lbnRpZCI6InAtaZW50bmFtZSI6IkZJREYgTlhUIFByb2R1Y3Rpb24gRW52aXJvbm1lbnQiLCJsZWdhbGVudGl0eWlkIjoicC1mUVFsWV9nMHIwR2MwXzRvM1J4dWFnIiwibGVnYWxlbnRpdHluYW1lIjoiRnJpZW5kcyBvZiB0aGUgSXNyYWVsIERlZmVuc2UgRm9yY2VzIC0gTmV3IFlvcmsiLCJtb2RlIjoiRnVsbCIsInpvbmUiOiJwLXVzYTAxIiwibmFtZWlkIjoiMDUwZTliMGMtYTA2Ni00NDAzLWExZjItMjg2ODExODExM2ZmIiwianRpIjoiMGJjYzAxODctN2UxZi00YWU2LTgyNWMtN2JhYTkxM2JiYmE4IiwiZXhwIjoxNzIwMDE1NDQyLCJpIiwiZW52aXJvbm1lbnRpZCI6InAtah0dHBzOi8vb2F1dGgyLnNreS5ibGFja2JhdWQuY29tLyIsImF1ZCI6ImJsYWNrYmF1ZCJ9.Rp4uj8_3N1uE5amxpp7j4sA--X9Yc4ISntLOBjdTHmnxf0WPrd9HE_NUru8ogBof5UVn7hf4MwNat7_jlMdTtB6h-aN32LNA1UOeiVbpNxQcbfUGtXyAUTVzFLvmF-5hqJbIiKF2s4S3sNF7z-_Ea1iP8URTyosn6iuqV9s-q3-91IPsrx4bo7QRr-CzMTWxjdQyI787Uej_gU5HPUYs_sIiwiZW52aXJvbm1lbnRpZCI6InAtamWNlALQHWE0GjL3sOORAZmcubxPmfpMLSxWwtnVM2hOJ5HtYRGLirjpyGHXw0CsaTV7FIiwiZW52aXJvbm1lbnRpZCI6InAtaOA
0 -
The “Basic <base 64-encoded Application ID:Application secret>” is what is known as “Basic authorization” (essentially, it's the “username + password” of your SKY application). It is the authorization protocol used when calling the OAuth /token endpoint (to acquire an access token from an authorization code, or to refresh an expired access token). It's not the authorization protocol used when calling the SKY API (that's the OAuth “Bearer” protocol).
As Alex's post shows, if you have an access token from Postman you can provide it in the Authorization header as “Bearer YOURACCESSTOKEN”.
That said, from the error message you report I think the problem is with your API key not the access token?
(and all of this hassle is because of the issue using PATCH endpoints with the SKY Add-ins connector, which is a bug on the Microsoft side that I know Blackbaud is still pushing them to fix)
0 -
@Ben Lambert
There shouldn't be colon after “Bearer”, if you use the SKY API Console, and look at the header:
You can see the colon is to separate the field/value pair in the header, which is Authroization:
0 -
@Alex Wong
Argh! You're right Alex, my mistake I was totally thinking about something else (need more coffee this morning). I removed that comment from my post.Sorry for the confusion Carol!
1 -
@Ben Lambert @Alex Wong - thank you both!
I don't see anything wrong with the way I'm calling it. My token does look like Alex's, begins with “eyJhbGciOiJSUzI1NiIsImt….”, it's pasted in from Postman.
Maybe it's my application. I created an application called “Postman” for testing purposes. Added it to the Environment. I'm using that Client ID and the application secret from that to get my token in Postman.
Then in the flow, I'm putting the same application secret into the Bb-Api-Subscription-Key. Is that correct or should I be using a different client secret?
0 -
@Carol Grant
Then Ben is spot on, your issue is with the Subscription Key, which is not the application secret.You find subscription key under developer account > My subscription
3 -
@Alex Wong now I'm getting “Encountered internal server error. The tracking Id is 'c1684193-0514-4811-94b1-5694fe46a153'.”
I tried a different assignment ID and same error. I looked at Common Issues and it said to look at the Blackbaud Status page. LOL- I don't think the server is down.
0 -
@Carol Grant
your auth token expired, get a new one from postman for now and try again0 -
@Alex Wong- I finally figured out that I did not give my application the SCOPE for Limited or Full Data Access. That's something I didn't need to do before. It was on No Data Access so my token wasn't working. I recreated the token after authorizing the change in scope for the application.
Rookie mistake but it WORKS now! Thank you and @Ben Lambert for chiming in.
2 -
@Alex Wong - Hi Alex, I figured I would continue on this post about the token refresh. I'm having issues refreshing the token I use for this PATCH http request. I'm searched this forum for any answers, read the tutorial and I did come across your Refresh token http call. This worked for me once but the token I got back did not work.
I get my token from Postman which is good for 60 minutes. Works great. Then a little before the 60 minutes is over I go to this flow with this call. I'm putting the refresh token from Postman into the refresh_token=Output. It's a shorter code- only one line. Is this correct or do I put in my original token?
Or do I even need this if I have the Postman refresh token button clicked. It will refresh the token after expiration, then I can use that one. Such a newbie with this!
0 -
@Carol Grant
I think best to automate and forget.So use postman to get 60-min auth-token and 365-day refresh-token.
create a SharePoint list (or anywhere else you like that's secure and no one unauthorized have access) and save these 2 token to it.
create a flow that runs every 59 minutes (you can always refresh the auth-token using refresh-token in each flow before you need to use PATCH, BUT creating this 59min recurring flow will allow you to just get the auth-token in SP list and use right away without worrying about refreshing first, there is pro/con of this, you can gauge yourselves).
The refresh HTTP action is like this:
use a Parse JSON on the body of the HTTP dynamic content {
"type": "object",
"properties": {
"access_token": {
"type": "string"
},
"token_type": {
"type": "string"
},
"expires_in": {
"type": "integer"
},
"refresh_token": {
"type": "string"
},
"environment_id": {
"type": "string"
},
"environment_name": {
"type": "string"
},
"legal_entity_id": {
"type": "string"
},
"legal_entity_name": {
"type": "string"
},
"user_id": {
"type": "string"
},
"email": {
"type": "string"
},
"family_name": {
"type": "string"
},
"given_name": {
"type": "string"
},
"refresh_token_expires_in": {
"type": "integer"
}
}
}
Use the above JSON schema.
Then your auth-token is @{body('Parse_JSON_of_Refresh_Auth_Body')?['access_token']}
and your new refresh-token is @{body('Parse_JSON_of_Refresh_Auth_Body')?['refresh_token']}
which you can save/overwrite the auth-token and refresh-token in your SP list.
0 -
@Alex Wong- thank you! Is the refresh token from Postman shorter than a regular access token? I want to make sure I'm putting the right token into the POST refresh token area.
0 -
@Carol Grant
yes a lot shorter. 32 alphanumeric characters to be exact1
Categories
- All Categories
- 6 Blackbaud Community Help
- High Education Program Advisory Group (HE PAG)
- BBCRM PAG Discussions
- Luminate CRM DC Users Group
- DC Luminate CRM Users Group
- Luminate PAG
- 186 bbcon®
- 1.4K Blackbaud Altru®
- 389 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 1K Blackbaud CRM™ and Blackbaud Internet Solutions™
- 14 donorCentrics®
- 355 Blackbaud eTapestry®
- 2.4K Blackbaud Financial Edge NXT®
- 616 Blackbaud Grantmaking™
- 542 Blackbaud Education Management Solutions for Higher Education
- 33 Blackbaud Impact Edge™
- 3.1K Blackbaud Education Management Solutions for K-12 Schools
- 909 Blackbaud Luminate Online® and Blackbaud TeamRaiser®
- 207 JustGiving® from Blackbaud®
- 6.2K Blackbaud Raiser's Edge NXT®
- 3.5K SKY Developer
- 236 ResearchPoint™
- 116 Blackbaud Tuition Management™
- 375 YourCause® from Blackbaud®
- 160 Organizational Best Practices
- 232 The Tap (Just for Fun)
- 31 Blackbaud Community Challenges
- Blackbaud Consultant’s Community
- 19 PowerUp Challenges
- 3 Raiser's Edge NXT PowerUp Challenge: Gift Management
- 4 Raiser's Edge NXT PowerUp Challenge: Events
- 3 Raiser's Edge NXT PowerUp Challenge: Home Page
- 4 Raiser's Edge NXT PowerUp Challenge: Standard Reports
- 4 Raiser's Edge NXT PowerUp Challenge #1 (Query)
- 71 Blackbaud Community All-Stars Discussions
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- 743 Community News
- 2.8K Jobs Board
- Community Help Blogs
- 52 Blackbaud SKY® Reporting Announcements
- Blackbaud Consultant’s Community
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)
- Blackbaud Francophone Group
- Blackbaud Community™ Discussions
- Blackbaud Francophone Group