How-to: Call SharePoint REST API with application permissions from Azure Logic App with Azure Key Vault and Managed Identity

If you have a need to interact with SharePoint API from Power Automate \ Logic Apps, most likely you would select SharePoint connector, which uses user identity for authentication. However, it's also possible to connect to SharePoint REST API with application permissions and certificate authentication. It's fairly easy if you have an Azure Key Vault. 

Here is what steps needed. More...

Simplify secret keys management for M365 applications with Azure Key Vault and Azure Managed Identity

Azure Key Vault simplifies a lot of things when it comes to secrets, passwords, certificate management. There are a lot of different ways of using it for different apps or services. In this post I'm going to cover below scenario: 

  • we have a service, running in the background, which connects to SharePoint API and performs some operations. As a good example, it might be a SharePoint PnP provisioning process running as a daemon through azure functions or azure web job
  • the provisioning process uses Application permissions to access SharePoint API, thus uses certificate-based authentication through Azure AD auth
  • all authentication secrets (certificate in our case) are stored in Azure Key Vault 
  • we do not store any secrets anywhere except Azure Key Vault (not locally in code and not in the azure function or job configuration)
  • we use a brand new PnP Framework!

Interesting? Then please read further below. More...