Setting up MSGraph Webhook with HTTP Action in MicrosoftFlow
I've tweeted out several small tidbits of using Microsoft Flow's HTTP action to call the Microsoft Graph.
Hundreds of Graph APIs, dozens of Graph webhooks, one HTTP Action.
This little action continues to amaze me, so I'm putting several examples into this one blog post.
Four Techniques, One Action
- Connect to Microsoft Graph with ONE HTTP Action
- Setting up Microsoft Graph Webhook Subscription
- Paging
- Retry Policy
One HTTP Action
When we set Authentication to "Active Directory OAuth" - we can specify the Client ID / Client Secret in one HTTP action - so we don't need to make two separate calls first to Authenticate and get an access token, then call the flow we want and add the bearer header token.
This one action does it and asks no questions.
- Tenant, Client ID and Client Secret are 3 strings.
- Authority should be set to https://login.microsoftonline.com/
- Audience (resource) should be set to https://graph.microsoft.com
So yep, it's now easier to call any Microsoft Graph API from Flow than C#, PowerShell or JavaScript.
I'm in love with this, because this is way too amazing.
Note - this calls Flow via an App-Only Client ID. If you are looking for delegate calls, you'll need to set up a Custom Connection swagger file. Follow @skillriver https://gotoguy.blog/2017/12/17/access-microsoft-graph-api-using-custom-connector-in-powerapps-and-flows/
Microsoft Graph Webhook - a dozen new triggers
To set up webhook, we need to set up two Flows. The First one is the subscriber.
The subscriber should be set up with a recurring 3 day schedule.
The notificationUrl is the HTTP Trigger URL of the second Flow.
The expiry is 4229 minutes into the future from right now. The maximum value is 4230 minutes. If you go over the subscription call will fail.
On success, the subscription is set up and we are now listening to changes in our tenant's groups.
The Second one is the listener.
The listener needs to handle the validationToken that Microsoft Flow will call to test if your webservice follows the specs.
Read the trigger query string to pull out the validationToken. if the value exists - then this is a set up call. Respond immediately with text/plain 200 text.
Otherwise, we have a real call. This is an event where our resource (in my case, I'm listening to Unified Groups being created and modified in my tenant) tells us something is happening.
I call another Flow to start dealing with the change. The other Flow does not return a response. So the HTTP action can happen quickly as a trigger, and I can return 202 accept response to Microsoft Graph quickly.
This is the message sent from Microsoft Graph to Flow to tell me I've got a new Group created in my tenant.
Episode III in my blog series on Group Management with Flow will cover the webhook in more detail, combining it with a delta query and figuring out what changed.
Pagination
It turns out HTTP Pagination is baked in too.
To set this up - first set a $top in the Microsoft Graph call to artificially limit the number of rows returned.
This will also return a $nextLink
https://developer.microsoft.com/en-us/graph/docs/concepts/paging
Flip to the Settings for the HTTP action by clicking on ...
This lets you turn on Pagination and it will accept up to 5000 items.
The result is that the HTTP action will follow next page links automatically, and return you the entire array of the paged data concatenated together.
Magic. Still one action.
Retry Policy
When calling HTTP (or other ApiConnections, like SharePoint) the default policy of retry 4 times exponentially means that if your action is going to fail, it will fail four times.
When building a Flow and you want it to fail fast - set the Retry Policy to None.
This is useful for calling AzureFunctions as well. AzureFunction through host.json lets us control de-queuing speed and concurrency, but that requires you to use a Queue trigger. When we use HTTP action from Flow - we control the retry / ease off policy through this setting. In this use case, Flow is the orchestrater.
Summary
Calling Microsoft Graph directly with as simple as 1 HTTP request action means that a lot of slightly-more complex task of authenticating, then getting an access token, then calling MSGraph with bearer header becomes a whole lot easier.
And as steps get simpler, we can do a whole lot more.