Microsoft Graph is a collection of APIs that enable us to access data in the Microsoft Cloud platform. There are lots of useful APIs that we can play with to connect the dot from 1 application through another. For example, we can get data for Users, manage Calendars, etc. Today, we will learn how to consume Microsoft Graph API using Power Automate. For the demonstration purpose, we will call List user API.
Create App Registration
The first thing we need to do is to create App Registration in our Azure AD. Go to portal.azure.com > Azure Active Directory > App registrations blade > click New registration button.
Once the page loaded, give the app Name > select Accounts in this organizational directory only.. option > click Register button.
Then we can go to Certificates & secrets blade > New client secret button > fill in the Description > click Add button.
Once the saving process is done, you need to copy the Secret’s Value and save the value for later use.
The next thing is to assign the API permissions. Because we will call List user API, we need to add either one of these roles: User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All permissions. For more detailed information, you can click this link. (Updated 7 Nov 2021: Thanks to Bipin Kumar for pointing out the correct setting for this).
To set this, we need to go to API permissions blade > Add a permission button > select Microsoft Graph > then we need to choose Application permissions because we will use the server to server Authentication + Authorization > then we need to select the permission required (I select User.Read.All).
Once we set it, we need to click the Grant admin consent … button. The purpose of this step is to make sure that the Application is authorized as Admin.
Once we can go to the Overview blade to get all the information we need (Application /Client Id, Tenant Id) to be used in the next step.
Testing The Authorization Using Postman
To get the access token, you can import this collection. The one we will use is the Use Client Credential with shared secret (in the folder OAuth 2.0 Client Credentials flow). In this request, you just need to set the TenantId, ClientId, and ClientSecret. Below is my sample when I testing it:
We can verify the access token that we get from the above in the jwt.ms page. We just need to copy the access token and paste it there to see if our setup earlier is correct. Below is the sample if we successfully setup it:
Create The Flow
The last step is to create the Flow. Because we will use the x-www-form-urlencode and I didn’t know how to set it up in the Flow, I found this blogpost that helps me to overcome this issue.
Open the make.powerapps.com > go to Flows blade > click New Flow button > set the flow name > choose Manually trigger a flow > click Create button.
Insert a new step and fill it like below:
You can click save and try to test it. Once your Flow is successfully invoked, you can get the response and create a new step to parse the JSON (copy the body response and click Generate from sample button (on Parse JSON action, and paste there).
In the last step, we will use the access token that we get, to the HTTP action. Here is my action to call the List user API: