How-to: Call SharePoint REST API with application permissions from Azure Logic App with Azure Key Vault and Managed Identity

If you have a need to interact with SharePoint API from Power Automate \ Logic Apps, most likely you would select SharePoint connector, which uses user identity for authentication. However, it’s also possible to connect to SharePoint REST API with application permissions and certificate authentication. It’s fairly easy if you have an Azure Key Vault.

Here is what steps needed.

1. Configure Key Vault and an app registration for SharePoint API access.
2. Create a Logic App.

1. Configure Key Vault and an app registration for SharePoint API access.

I described these steps in the previous article here Simplify secret keys management for M365 applications with Azure Key Vault and Azure Managed Identity So just follow the first two “Configure Key Vault” and “Configure an app registration for SharePoint API access” if don’t have them configured.

2. Create a Logic App.

I use Logic Apps because in Power Automate both HTTP and Azure Key Vault connectors are premium. If you have a license, you can use Power Automate with the only difference, that for the Key Vault connection you will use credentials authentication and not a Managed Identity.

At a bare minimum, you need only two actions to reach SharePoint API.

Add an action to get a private key (pfx)

Select Key Vault connector, select “Get Secret” action, for authentication select “Connect with Managed Identity”. Currently, it’s in preview, if you would like not to use the preview feature, read further for an alternative method.

Give the connection a name, provide a vault name (in my case it will be “sp-keys”). Then in a dropdown select a secret - the name should be the same, as your certificate. In my case, it’s “sp-auth”.