Overview
Microsoft Graph API offers a single endpoint to connect to data from various services. Power Automate (earlier MS Flow) enables us to design powerful workflows. Calling the Graph API from Power Automate Flow opens a wide range of possibilities. One scenario could be to get things done with application permissions, which otherwise cannot work under user-delegated permissions.
In the article, we will explore a scenario of calling Graph API from Power Automate Flow.
Prerequisites
Before we proceed, make sure you have the below permissions,
- Administrative access to Azure AD of Office 365 tenant
- Permissions to create flow in Power Automate (prior MS Flow)
Create an application in Azure AD
We will start by registering an application in Azure AD. Follow the below steps to create an application in Azure AD,
- Login to Microsoft 365 Portal (https://portal.office.com)
- Open Microsoft 365 admin center (https://admin.microsoft.com)
- From the left menu, under “Admin centers”, click “Azure Active Directory”.
- From the left menu, click “Azure Active Directory”.
- Click “App registrations”.
- Click “New registration”.
- Provide the application name, and supported account type, and leave the Redirect URI blank.
- Click Register.
- Note down Application and Directory IDs to use later in the flow.
- From the left menu, click “API permissions” to grant some permissions to the application.
- Click “+ Add a permission”.
- Select “Microsoft Graph”.
- Select Application Permissions.
- Grant the needed permissions.
- Click “Add permissions”.
Below are examples of the needed application permissions to perform the operations.
Action |
Application permissions |
List owners |
Group.Read.All User.Read.All, Group.Read.All and User.ReadWrite.All |
Add member |
GroupMember.ReadWrite.All, Group.ReadWrite.All and Directory.ReadWrite.All |
Grant required permissions to the application
After creating the permissions, we need to grant consent to the application to allow the application to access Graph API without a consent screen.
- Click “Grant admin consent for …”
- From the left menu, click “Certificates & secrets”.
- Under “Client secrets”, click “+ New client secret”.
- Provide a description and select an expiry time for the secret.
- Click “Add”.
- Make a note of the secret value.
Build Power Automate Workflow
We will start by building flow.
- Navigate to Power Automate in Office 365.
- From the left menu, click Create.
- Select “Instant flow”.
- In the modal dialog, specify the flow name (e.g. Join Private Group).
- Select the trigger as “When an HTTP request is received”.
- Click Create.
- The flow should be created as below.
- Expand the activity “When an HTTP request is received”.
- Click “Generate from a sample”.
- In the popup, add the above request body JSON schema.
{
"groupId":"07c00c4d-6a21-4c51-9545-f2921b4109b0"
}
- Click Done.
- The request body JSON schema will be generated.
- Initialize the variables client ID, directory (tenant) ID, and secret generated from the previous step.
These variables then can be used to make an MS Graph API call.
- Add the “HTTP” activity.
Test Flow with Soap UI
Download the SoapUI from here.
- Select Method as Post.
- Specify the endpoint as HTTP POST URL.
- Specify the header as Content-type with the value application/JSON
- In the Body, specify the JSON.
- Click Send.
- Observe the run history of flow.
Summary
Calling the Graph API from Power Automate Flow opens a wide range of possibilities. One scenario could be to get things done with application permissions, which otherwise cannot work under user-delegated permissions. Power automation flow then can be called from an SPFx solution to build more advanced scenarios.
Please refer to my previous article - Execute Power Automate Workflow from SPFx for more details.