Calling Graph API From Power Automate Flow

Overview

Microsoft Graph API offers a single endpoint to connect to data from various services. Power Automate (earlier MS Flow) enables us to design powerful workflows. Calling the Graph API from Power Automate Flow opens a wide range of possibilities. One scenario could be to get things done with application permissions, which otherwise cannot work under user-delegated permissions.

In the article, we will explore a scenario of calling Graph API from Power Automate Flow.

Prerequisites

Before we proceed, make sure you have the below permissions,

  • Administrative access to Azure AD of Office 365 tenant
  • Permissions to create flow in Power Automate (prior MS Flow)

Create an application in Azure AD

We will start by registering an application in Azure AD. Follow the below steps to create an application in Azure AD,

  1. Login to Microsoft 365 Portal (https://portal.office.com)
  2. Open Microsoft 365 admin center (https://admin.microsoft.com)
  3. From the left menu, under “Admin centers”, click “Azure Active Directory”.
    Microsoft admin
  4. From the left menu, click “Azure Active Directory”.
  5. Click “App registrations”.
    Azure Active directory
  6. Click “New registration”.
  7. Provide the application name, and supported account type, and leave the Redirect URI blank.
    Registration
  8. Click Register.
  9. Note down Application and Directory IDs to use later in the flow.
    Overview
  10. From the left menu, click “API permissions” to grant some permissions to the application.
  11. Click “+ Add a permission”.
    API permission
  12. Select “Microsoft Graph”.
    Microsoft APIs
  13. Select Application Permissions.
  14. Grant the needed permissions.
  15. Click “Add permissions”.
    Request API
    Below are examples of the needed application permissions to perform the operations.
    Action Application permissions
    List owners Group.Read.All User.Read.All, Group.Read.All and User.ReadWrite.All
    Add member GroupMember.ReadWrite.All, Group.ReadWrite.All and Directory.ReadWrite.All

Grant required permissions to the application

After creating the permissions, we need to grant consent to the application to allow the application to access Graph API without a consent screen.

  1. Click “Grant admin consent for …”
    Calling Graph API From Power Automate Flow
  2. From the left menu, click “Certificates & secrets”.
  3. Under “Client secrets”, click “+ New client secret”.
    Certificate
  4. Provide a description and select an expiry time for the secret.
    Add a client secret
  5. Click “Add”.
  6. Make a note of the secret value.
    Client secrets

Build Power Automate Workflow

We will start by building flow.

  1. Navigate to Power Automate in Office 365.
  2. From the left menu, click Create.
  3. Select “Instant flow”.
    Create
  4. In the modal dialog, specify the flow name (e.g. Join Private Group).
  5. Select the trigger as “When an HTTP request is received”.
    Build an instant flow
  6. Click Create.
  7. The flow should be created as below.
    Join Private group
  8. Expand the activity “When an HTTP request is received”.
  9. Click “Generate from a sample”.
  10. In the popup, add the above request body JSON schema.
    {
       "groupId":"07c00c4d-6a21-4c51-9545-f2921b4109b0"
    }
    
  11. Click Done.
  12. The request body JSON schema will be generated.
    URL
  13. Initialize the variables client ID, directory (tenant) ID, and secret generated from the previous step.
    These variables then can be used to make an MS Graph API call.
    HTTp
  14. Add the “HTTP” activity.
    Method

Test Flow with Soap UI

Download the SoapUI from here.

  1. Select Method as Post.
  2. Specify the endpoint as HTTP POST URL.
  3. Specify the header as Content-type with the value application/JSON
  4. In the Body, specify the JSON.
    Endpoint
  5. Click Send.
  6. Observe the run history of flow.
    Calling Graph API From Power Automate Flow

Summary

Calling the Graph API from Power Automate Flow opens a wide range of possibilities. One scenario could be to get things done with application permissions, which otherwise cannot work under user-delegated permissions. Power automation flow then can be called from an SPFx solution to build more advanced scenarios.

Please refer to my previous article - Execute Power Automate Workflow from SPFx for more details.


Similar Articles