david wyattThere's a fantastic tool built into all web browsers called Developer tools, and one of its best features to use is the Network tab.
The Network tab tracks all API communication between the site and the server, and reading it allows you to understand how a site works. After looking for the Power Platform I found 4 main API's, so this blog is all about explaining them and some of the end points.
For first a little back story...
History
When the Power Platform was first built it was more front end then back end, with each part of the platform distributed across Azure rather then the Power Platform.
This meant there multiple systems working together rather then one platform:
Flow
Power Automate was originally called Flow (a name I still kind of prefer 😎), in a nut shell it was an abstraction of Logic Apps.
Canvas Apps
WYSIWYG builder to create React based web apps.
Dynamics
Model Driven Apps and Common Data Model tables (now Dataverse).
Power BI
Eventually integrated into Model Driven apps but at first name only.
Power Platform
The tools to build environments, DLP polices, etc.
This 'collection' of tools worked but because it wasn't consolidated it had a few challengers, in particular:
- Unable to reuse/leverage across tools
- ALM fragmented
- Agility limited as new tools would start from scratch
So Microsoft pivot to a Dynamics first approach, with everything moving into the CDM (now Dataverse), this is most evident in solutions. As if you add a flow/app to a solution it is now 'solution-aware', which means its now in Dataverse. But not quite, except for PVA/Copilot studio and Power Pages (which were created with Dynamics from the beginning/moved over from Adxstudio):
Power BI
Never could move so is now planning a divorce and to run off with Fabric.
Power Automate
Although now stored in the workflows table they are cloned into the old Flow area when run for the first time (The resourceId is the guid for the flow there).
Power Apps
Flows at their heart are a simple json, Canvas Apps are a lot more complex, so they are still fully stored with old area, with their metadata now in the canvas table.
So with this complex history you can see why we ended up with multiple API's, and the 4 main are:
api.bap.microsoft.com
api.flow.microsoft.com
.api.powerplatform.com
.crm.dynamics.com
There are lots of API's used but I would not call them 'Main' even BAP is a little bit of a stretch. There is even a .api.powerapps.com that pops up, but not quite often enough for this blog. There is another API that could be a 'main' API, and that's the Graph API, but its far too big to even scratch the surface in this blog.
Business Application Platform (BAP)
.api.bap.microsoft.com
The Power Platform is part of Microsoft BizApps, so the platform itself uses the BAP API. This is the API you will see in PPAC (Power Platform Admin Centre). You can think of it kind of like the parent API, the Flow API sitting below it.
There is currently no way I can find to give a SPN permissions to use this endpoint, so it is only accessible through the platforms UI (if anyone knows a way please comment). So you can grab the bearer token from the developer tools, or in a Flow use the Super Connector.
It only has $select (select which fields to return) and $expand (bring in fields from other tables with a relationship to this record).
Here are a few of the endpoints and what they do:
Tenant Info
https://api.bap.microsoft.com/providers/Microsoft.BusinessAppPlatform/tenant?api-version=2020-08-01
You guessed it, returns your tenant id and other info like geo and language.
Tenant Settings
https://api.bap.microsoft.com/providers/Microsoft.BusinessAppPlatform/listTenantSettings?api-version=2021-04-01
Returns all of the current platform tenant level settings values (like Environment Routing and Weekly Digest) and allows you to update them.
Environment List
https://api.bap.microsoft.com/providers/Microsoft.BusinessAppPlatform/scopes/admin/environments?api-version=2021-04-01
In PPAC the environment list screen is populated by this API.
Flow API
.api.flow.microsoft.com
The Flow API is used for all flow actions when they are not solution-aware, and any action that requires none Dataverse data.
This API also includes a admin endpoint, but this requires a different token then the normal endpoints.
/Microsoft.ProcessSimple/scopes/admin/
Examples include getting all of the flow in the admin centre (even if not shared with you).
There are additional geo based prefix (CNAME) endpoints like below, but in my experience theses are optional, with every endpoint working without a prefix:
EU: https://emea.api.flow.microsoft.com/providers/Microsoft.ProcessSimple
UK: https://unitedkingdom.api.flow.microsoft.com/providers/Microsoft.ProcessSimple
US: https://us.api.flow.microsoft.com/providers/Microsoft.ProcessSimple
To call the API you can add the Power Automate permission to your SPN.
Example endpoints include:
List Environments
https://us.api.flow.microsoft.com/providers/Microsoft.ProcessSimple/environments?$expand=properties.permissions&api-version=2016-11-01
Lists all environments you have access too. The list navigation dropdown in the the top right corner of make.powerautomate.com is populated by this API.
List My Flows
https://api.flowdmicrosoft.com/providers/Microsoft.ProcessSimple/{environmentID}/flows?api-version=2016-11-01
Lists all of your flows in an environment, including solution-aware and non solution-aware.
Flow Definition
https://api.flowdmicrosoft.com/providers/Microsoft.ProcessSimple/{environmentID}/flows/{resourceId }?api-version=2016-11-01
Returns the full flow definition (all the actions, connections, etc, the actual flow code).
List Flow Runs
https://api.flow.microsoft.com/providers/Microsoft.ProcessSimple/environments/{enviromentID}/flows/{resourceId }/runs?api-version=2016-11-01
This one is inconsistent, it is suppose to return all flow runs (used on the flow run history screen). But when I have used it in the past it often returned null for solution-aware flows.
Turns flow on or off.
Share Flow
https://api.flow.microsoft.com/providers/Microsoft.ProcessSimple/environments/{enviromentID}/flows/{resourceId }/modifyowners?api-version=2016-11-01&cascadeoperation=true
POST Body
{
"put":[
{
"name": "{entraObjectID}",
"properties": {
"principal": {
"displayName": "{displayName}",
"email": "{email}",
"id": "{entraObjectID}",
"type": "User"
}
}
}
]
}
Platform API
.api.powerplatform.com/powerapps/
The Power Platform API covers 2 main areas, Platform administration (like BAP), and Canvas Apps.
There are 2 prefix domains:
https://{tenantID}.tenant.api.powerplatform.com/
https://{environmentID}.environment.api.powerplatform.com/powerapps/
The environmentID does not follow standard format, as you would expect:
Default-6b6c3ede-aa0d-4268-a46f-96b7621b13a4 but it is Default6b6c3edeaa0d4268a46f96b7621b13.a4
Like BAP currently no way I can find to give a SPN permissions to use this endpoint, so it is only accessible through the platforms UI/Super Connector.
Example end points:
Environment List
https://{tenantID2}.tenant.api.powerplatform.com/powerapps/environments?api-version=1
Lists all environments you have access too. The list navigation dropdown in the the top right corner of make.powerapps.com is populated by this API.
List My Apps
https://{environmentID2}.environment.api.powerplatform.com/powerapps/environment?api-version=1
Lists all apps you are the owner of.
App Details
https://{environmentID2}.environment.api.powerplatform.com/powerapps/apps?api-version=1&$expand=properties.permissions($filter=maxAssignedTo('fbb9632a-3a2f-4a88-bfbf-4aad7a8ca81f'))&$top=4&$filter=classification eq 'OrgGalleryApps' and environment eq '{environmentID}' and name eq'{appID}'
Returns key information about the app.
Share App
https://{environmentID2}.environment.api.powerplatform.com/powerapps/apps/{appID}/modifyPermissions?api-version=1&$expand=properties.permissions&$filter=minimumAppPermission eq 'CanEdit'
POST Body
{
"put":[
{
"properties":{
"roleName":"CanView",
"principal":{
"email":"{email}",
"id":"{entraObjectId}",
"type":"User",
"tenantId":"{tenantId}"
},
"NotifyShareTargetOption":"DoNotNotify"
}
}
],
"delete":[],
"emailCustomizations":{}
}
Shares with user or team (replace type: user with type: team and use security group object id instead of entraObjectId).
Use same properties structure but add to the delete[] array to remove users.
App Shared With Me
https://{environmentID2}.environment.api.powerplatform.com/powerapps/apps?$filter=classification eq 'SharedWithMeApps'&$expand=permissions($filter=maxAssignedTo('{entraObjectId}'))&api-version=1
All apps shared with me (use apps).
Please note, as an environment admin if you want to see all Apps, even ones not shared with you, you can use when Origin is https://admin.powerplatform.microsoft.com.
Dynamics API
.crm.dynmics.com
The Dynamics API is used for all things Dataverse. Built on the Open Data Protocol ([OData])(https://www.odata.org/), it is a versatile API that allows you to edit the tables directly. It has multiple extensibility like filters and selects (more in-depth info here).
Additionally it is the access point for custom API's built within the Power Platform (this includes Low Code Plugins and are thought of as unbound actions).
Lie the Flow API there are geo specific changes. The crm part of the url will be different depending on geo, as example
EU: .crm4.dynamics.com
UK: .crm11.dynamics.com
US: .crm.dynamics.com
All listed here
To call the API you can add the Dynamics permission to your SPN.
Call out, the scope for the API call when authenticating requires the environment url so you would think the token is environment specific, it is not, but it is geo specific. So you can reuse the token on all .crm environments but not .crm4.
The permission can be used as on behalf (the user authenticated against the API, or as App (you give the SPN a role in the environment).
Example OData end points:
List Flows
{dataverseURL}/api/v9.2/workflows
Lists all flows (including Cloud, Desktop and Business)
Turn on Flow
{dataverseURL}/api/v9.2/workflows({flowID})
PATCH Body
{
statuscode:2
}
Turn on a flow (change from Draft-1, to Activated-2
Canvas App Metadata
{dataverseURL}/api/data/v9.2/canvasapps
Does not return actual Canvas App but related data like:
uniquecanvasappid - for powerplatform API
ismanaged - read only or not
cdsdependencies - components of the App (not solution components)
Example Bound end points:
Share A Record
{dataverseURL}/api/data/v9.0/GrantAccess
{
"Target": {
"{tableIDField}": "{recordID}",
"@odata.type": "Microsoft.Dynamics.CRM.{tableName}"
},
"PrincipalAccess": {
"Principal": {
"systemuserid": "{systemuserID}",
"@odata.type": "Microsoft.Dynamics.CRM.systemuser"
},
"AccessMask": "{access}"
}
}
Shares a record, with the AccessMask setting permission levels (ReadAccess, WriteAccess, AppendAccess, AppendToAccess, CreateAccess, DeleteAccess, ShareAccess, AssignAccess)
As you can see, the evolution of any platform creates a tangle of API's, but understanding them helps you understand the platform as a whole.
The above is just a small selection, there are so many more cool ones I have found, and more to find 😎
I've been working on documenting all of APIs (follow me for when that comes available but it already feels like painting the Forth Bridge), it's going to be a mix of undocumented (like BAP) and useful in general.
In the meantime I have all I have identified so far (56) in postman collections here.
I've had a few requests for a mailing list to alert new blogs, if you would like to get notified every new blog (I also do a few in the Power Platform Community), subscribe below
Subscribe to David Wyatts Blogs
powerdevbox.com
You will be pleased to know I built the mailing system myself in Power Automate, so if it doesn't work you know why 😎
