Announcing Flow Studio MCP

/

We are introducing our favourite new child to the Flow Studio family of tools. This is Flow Studio MCP.

Flow Studio MCP

Flow Studio MCP is a purpose-built MCP server that lets GitHub Copilot, Claude, and other AI agents build, deploy, debug, and monitor Power Automate cloud flows programmatically.

You can get started as quickly as:

  1. Start a trial

  2. Grant Flow Studio permission to access your Power Automate platform

  3. Copy the generated x-api-key and pass it to your agent to setup MCP

When you give agents much broader access to Power Automate platform, there are a bunch of scenarios we now have. These are some ideas that your agent can now assist you to do:

Maker

You can ask your Agent to build new flows based on existing ones. Ask it to change email template across every flow. Ask it to switch connection references. Rename compose or other glaring problems. Insert Compose blocks or Note text to help you remember the logic. Update description on every flow.

Operator

You can ask your Agent to monitor key business critical flows. Dive and debug the issue. Generate operational reports. You can ask agent to review critical approval workflow runs and generate Gantt chart view of key approval dates.

Support

Your agent can help you debug flows quickly. You can tell agent to quickly find the failed runs and find the error. Explain it to you, then offer suggestions on how to fix it.

Dev Ops

You can ask Agent to review different environments between DEV, UAT and PROD, compare the differences, and tell you if you didn’t bring a critical production hotfix back into DEV.

Administrator / COE

You can ask Agent to help you review COE issues, connections. We all know COE is unmanageable. Use an Agent to help you bring it under control.

You can also read about Catherine’s story of how we came to realize we can build a Flow Studio MCP and keep an eye out for our demo YouTube videos that we’ll be putting out.

Flow - lightweight fast template engine using Split twice

/

Technique 2 — Building a Lightweight Template Engine (Using Split Twice)

Take this example (using a handle-bar stil syntax)

ABC {{def}} GHI {{jkl}} MN

Using a dictionary (Compose)

{
  "def": "fish 🐟",
  "jkl": "chips 🍟"
}

We want to build a mini-template engine.
Now you might think - ah ok, let’s get some variables in here.

But John really dislikes variables in fact most of these flow hacks are how to not use variables. So how do you do this without variables?

1. Split on {{

split(outputs('Compose'), '{{')

result 

[ 
  "ABC ",
  "def}} GHI ",
  "jkl}} MN"
]

2. Split each on }}

inside each item, split again

split(item(),'}}')

So now our original string becomes either:
["ABC "]

or

["def"," GHI "]

Recap, combine step 1 and 2

Select:
  from: split(outputs('Compose'), '{{')
  item: split(item(), '}}')

3. Conditional replacement using dictionary lookup

if(
  equals(length(item()),2),
  concat(
    outputs('Dictionary')?[item()?[0]],
    item()?[1]
  ),
  item()?[0]
)

Hidden insight

So the trick is this. If the row has 2 elements, that means the first element is a token, the rest is the remainder. If the row has only 1 element - then just return that.

[
  item()[0],
  dictionary[item()[0]] item()[1],
  dictionary[item()[0]] item()[1]
]
==>
[
  "ABC",
  "fish 🐟 GHI",
  "chips 🍟 MN"
]

If you want your dictionary lookup to be case insensitive, you can add toLower() to wrap around item()?[0]

4. Join it all together

join(body('Select'),'')

Result

ABC fish 🐟 GHI chips 🍟 MN

No loops.
No apply-to-each.
No regex.
No variables.
Super fast zero-second action.

This technique lets you:

  • Build dynamic email templates

  • Create server-side HTML rendering logic

  • Replace merge fields safely

  • Do token replacement in Dataverse text

  • Build dynamic document generators

All using standard Power Automate expressions.


Flow - character replace pattern with chunk()

/

Hi, it’s 5am, I can’t sleep, I had these two Flow ideas that are really cool.

First is a super fun trick with

  • chunk()

  • Select

  • join()

  • coalesce()

No loops.
No variables.

First problem - string character replacement - safe HTML normaliser

Let’s start with this string

Test <b>HTML</b> & special chars: < > & " '
Name: O'Brien

Now imagine this text is:

  • coming from Dataverse

  • pasted by a user

  • generated by AI

  • injected into HTML email

  • rendered inside a PDF

If you don’t escape it properly… things break.

We want to safely replace:

Character Replace With
< &lt;
> &gt;
" &quot;
' (optional smart quote)

Power Automate doesn’t give us a multi-replace expression. You’ve probably done this type of replace-replace before

replace(
      replace(
        replace(
          replace(
            replace(
              string(outputs('Compose')),
              '&','&amp;'
            ),
            '<','&lt;'
          ),
          '>','&gt;'
        ),
        '"','&quot;'
      ),
      '''','&#39;'
    )

So the clever hack I have is this:

1. Use chunk to break string into char array

chunk(outputs('Compose'),1)

2. Use Select action to map this array with a formula that replaces certain characters

Select
from: 
  chunk(outputs('Compose'),1)
select: 
  coalesce(
    if(equals(item(),'&'),'&amp;',null),
    if(equals(item(),'<'),'&lt;',null),
    if(equals(item(),'>'),'&gt;',null),
    if(equals(item(),'"'),'&quot;',null),
    if(equals(item(),''''),'’',null),
    item(),
    null
  )

We are testing each character in order:

  1. If < → return &lt;

  2. If > → return &gt;

  3. If " → return &quot;

  4. If ' → return

  5. Otherwise → return original character

coalesce() returns the first non-null value.

3. join it back together

join(body('Select'),'')

Why not just use Replace?

You could chain:

replace(replace(replace(...)))

But:

  • It becomes unreadable fast

  • Order matters (you can double-encode)

  • It doesn’t scale well

  • It’s painful to debug

Using chunk() + Select():

  • You see exactly what happens per character

  • It’s safe

  • It’s predictable

  • It’s extensible

It’s basically a mini parsing engine.

The Hidden Insight

The real trick isn’t escaping characters.
The trick is this:

Turn string → array → transform → join.

Once you realise Select is a map function…

Flow Studio DevLog: reported for phishing and woes of Cloudflare

/

This is a quick blog post, but also REALLY IMPORTANT, concerning Flow Studio App (flowstudio.app) - the main, root URL.

What’s happening right now

Right now, if you navigate to the root url flowstudio.app, you’ll get a really scary looking warning page from CloudFlare.

You can prove you are a human, and click Ignore & Proceed. Then you can still use Flow Studio App without any issues. But… most people will hold back and think wait what’s going on.

What is the root cause

flowstudio.app is the root of our website and saas app. There is Javascript code in the Angular web application that says: if you have logged in before, and you return, but your login has expired, then redirect you to re-login (via Microsoft). It happens really fast, so the user must have thought hmm I click flowstudio.app but it immediately redirected me to login with my Microsoft Account. 😱 This must be phishing.

So we got reported, a false report, but still a report. We were reported on 04 September 2025. That’s a whole two weeks ago!

The report is only affects our root page: https://flowstudio.app
It doesn’t affect other pages: https://dev.flowstudio.app or https://powerstudio.app (these are all fine because there’s really nothing wrong with the Angular app).

How to blame CloudFlare without blaming CloudFlare

The company that gives free CDN and DNS routing, and saves me gigabytes of cached data, is also the one that takes away.

Their support, at least on the free or lower-end tiers, are non-existent. I’ve submitted for a review within the week, but so far, I’ve not heard back, and the scary warning remained. Their reputation on reddit around support is awful, so I’m not holding my breath.

Flow Studio’s google ranking has tanked and visitor is now null.
Ouch!

What we are going to do about this

First, we have moved the app to a separate subdomain, previously we have:

https://dev.flowstudio.app (this has always been our dev branch which doesn’t have the warning)
We are now adding https://prod.flowstudio.app which is where the App will live from now on.

Second, we will deploy a static Azure Static Web App for https://flowstudio.app which will link to our various product tiers and offerings. Initially, this will mirror a basic version of the previous Flow Studio home page, but over time we’ll improve the design separately.

Third, for now, CloudFlare still has to manage the various DNS subrecords, but we won’t use CloudFlare to Proxy (and CDN) our https://flowstudio.app home page. Which will allow us to control our landing experience again.


You’ll see some web updates through this weekend. Thank you for your support and please feel free to reach out if you see any unexpected results or issues.

About: The old trigger URL will stop working on November 30, 2025

/

Starting in August 2025, we’ve begun to see this warning a lot in our Power Automate flows that uses HTTP Request (or Team Webhook) triggers.

The old trigger URL will stop working on November 30, 2025. Your tools that use this flow WILL break unless you update them with the new URL.

The old url uses the logic app domain: 

https://*.logic.azure.com/workflows/{flow-name}/triggers/manual/paths/invoke

The new URL uses a largely undocumented api.powerplatform.com domain. 

https://{environment-name}.environment.api.powerplatform.com/powerautomate/automations/direct/workflows/{flow-name}/triggers/manual/paths/invoke

Why New URL?

The NEW URL looks to be more future proof and ties the invoke URL to the environment and flow name within Power Platform, rather than the underlying logic apps infrastructure.

Microsoft’s documentation is here: Changes to HTTP or Teams Webhook trigger flows

Flow Studio new feature: Flow (Request) Report

To help with updating these URLs, we decide to put in a special View and Report for this in Flow Studio. Here, we are doing 4 things:

  • This report shows flows that use the "When an HTTP request is received" trigger. These flows can be triggered externally via HTTP requests, making them suitable for integration scenarios.

  • First we do a scan of all the environments and find all your flows that use this trigger. This may take a few minutes depending on the number of environments and flows.

  • Then for each flow we will need to check the flow definition to extract the old and new request URL and method.

  • We also need to check the flow's run history to see if it has been triggered recently. This will help us identify active flows.

We present this in a quick table for you to browse, but also provide an Export to Excel functionality so you can decide how you want to tackle the list.

Permissions

Because of the API access we need to read definition and trigger callback URL, this is not a scan we can do at the admin level - it has to be the owner of the flows.

You can find this new feature in our dev build:
https://dev.flowstudio.app