Triggering a Power Automate HTTP Trigger from External Applications - testing with Postman

Triggering a Power Automate HTTP Trigger from External Applications

For production environments, manually triggering a Power Automate flow via an HTTP trigger from external applications (.NET, React, or Agents Toolkit) requires Entra ID authentication if only users within the tenant can trigger it. If set to ‘anyone’ the Url of the workflow contains a sig parameter which is required to call the flow. This guide walks through the setup and testing process for only ‘any user in my tenant’. The next blog post will cover how to invoke a power automate flow from a declarative agents built using Agents Toolkit.

Step 1: Configure the HTTP Trigger

Create a flow with the When a HTTP request is received trigger. Configure it to only accept requests from users within your tenant:

Power Automate User from Tenant

Security Recommendation: Restrict to your tenant for production. Use “Anyone” only for dev/test, and keep the signature value private.

Flow URL (tenant users only)

https://<environmentID>.09.environment.api.powerplatform.com:443/powerautomate/automations/direct/workflows/86ffea6392fe4f3f9555f5e8f9b1f06e/triggers/manual/paths/invoke?api-version=1

Flow URL (anyone, includes sig)

https://<environmentID>.09.environment.api.powerplatform.com:443/powerautomate/automations/direct/workflows/86ffea6392fe4f3f9555f5e8f9b1f06e/triggers/manual/paths/invoke?api-version=1&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=<Signature>

Step 2: Configure Entra ID Permissions

Your Entra ID app registration needs the correct Power Automate permissions:

User Permission added to Entra ID

Add the Power Automate - User permission to your Entra ID app to allow external applications to authenticate.

Step 3: Get an Access Token

Before calling the flow from Postman, obtain an access token from Entra ID. Use your Entra ID app’s credentials:

  • Scope: https://service.flow.microsoft.com//.default (note the double slash before “default”)
  • Client_ID & Client_Secret: From your Entra ID app registration
  • grant_type: client_credentials
  • Method : POST to - https://login.microsoftonline.com//oauth2/v2.0/token

Token fetched from Postman

⚠️ Critical: Use https://service.flow.microsoft.com//.default (with double slash). If you use a single slash, you’ll get this error:

{
    "error": {
        "code": "MisMatchingOAuthClaims",
        "message": "One or more claims either missing or does not match with the open authentication access control policy."
    }
}

The correct output will have the access token

{
    "token_type": "Bearer",
    "expires_in": 3599,
    "ext_expires_in": 3599,
    "access_token": "xxxxxx......xxxxxx"
}

Copy the access token to use in the next call to trigger the Power Automate flow.

Step 5: Call the Flow from Postman

Once you have the access token, make an HTTP POST request to your Power Automate trigger URL filling the following information:

  • Authorisation > Auth type = ‘Bearer Token’ , Token =
  • Method POST to https://.09.environment.api.powerplatform.com:443/powerautomate/automations/direct/workflows/86ffea6392fe4f3f9555f5e8f9b1f06e/triggers/manual/paths/invoke?api-version=1

Trigger from Postman