Press enter to see results or esc to cancel.

Azure App Services Series – Finding #2: Logic App Workflow API documentation is incomplete

This blog post is one of many of a series we have about Microsoft Azure App Services. See a list of all our findings here.

Introduction

With the release of Logic Apps, Microsoft also releases the Workflow Management API. An API to use for getting access to the workflow of your logic apps allowing you to easily enable, disable workflows, get the status, etc.

Microsoft’s documentation of the API is incomplete and not clear which of the API calls are working in the current release of the API.

This API is allowing you to monitor Logic Apps with Integration Manager‘s monitoring feature!

The Problem

Problem #1: Incomplete documentation

According to the documentation the URI to the calls is:

https:///subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}?api-version=2015-02-01-preview

This is wrong of course, you can clearly see that something is missing in the beginning of the URI.

It’s the URI to the region of the Logic App. For example: northeurope.logic.azure.com. The URI to call the API should look like this (example below):

https://northeurope.logic.azure.com/subscriptions/72bad97c-b0ce-40a3-a300-d36e50de34fe/resourceGroups/Default-Web-NorthEurope/providers/Microsoft.Logic/workflows/FTP2BTnoIM?api-version=2015-02-01-preview
Problem #2: Not all of the API calls documented are working (yet)

We did not manage to get many of the API calls to work. In fact, we only did manage to get one call to work – triggering the action by calling the /run method of the API. Most of the others (we did not test all) return 404 not found when calling the API.

Problem #3: There is no documentation about authenticating against the API

The documentation says nothing about how the authentication looks like, which makes the documentation somewhat useless!

For your interest, the authentication type supported is Basic. A username is created on logic app create which is ‘default‘ and the password to use is the primary key (not sure if the secondary works as well) which you can find in the logic apps properties blade of the Azure portal (see screenshot 1).

Screenshot 1 - Primary Access Key
Screenshot 1 – Primary Access Key

So the proper way of authenticating against the API is to send the Authorization header with your Basic username/password value – see example below:

Authorization: Basic YOURENCRYPTED(default:primaryAccessKey)
  • IlyaGrebnov

    Hey, sorry MSDN documentation is pretty bad. We are in the process of fixing this.

    Logic Apps support two API endpoints: management and direct access with different authentication schemas.

    Management API is hosted under https://management.azure.com
    You use AAD Bearer token: https://msdn.microsoft.com/en-us/library/azure/dn790557.aspx

    Direct API is hosted under https://{region}.logic.azure.com
    You use Basic Auth. call
    /subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Logic/workflows/{flowName}/accessKeys/default

    to get keys usign management API.

    Direct API allow you to perform operations under following scopes (usefully for triggering workflow and monitoring progress):

    subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Logic/workflows/{flowName}/run[s]…
    Please feel free to send me email ilygre@microsoft.com I will be happy to clarify other details.

  • IlyaGrebnov
  • Stephen S. [stepsic@MSFT]

    Hello, the documentation has been updated here: https://msdn.microsoft.com/en-US/library/azure/dn948513.aspx , please let us know if you encounter any further issues.

    • integrationsoftware

      Thanks for the info Stephen and Ilya – I will check the new documentation and going to work with the API and will get back to you 🙂