![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 38%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMB%3C/text%3E%3C/svg%3E)
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
3,542 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 4%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Hello Mehul Bhuva,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
I understand that you are enquiring on how you can set custom authorization header in request section of logic app custom connector without use Security Tab.
Yes, you can streamline the token management process in a Custom Connector for Logic Apps or Power Automate/Power Apps by implementing a token refresh mechanism. But you cannot set a custom Authorization header in the request section of a Logic App Custom Connector without using the Security tab.
- This is a platform limitation.
- The only viable workaround is to use HTTP actions in Logic Apps, where you can dynamically set headers, including Bearer tokens.
Putting into consideration that:
- Using Custom Connector with API Key auth for Bearer tokens — not dynamic.
- Trying to inject Authorization header in Custom Connector — not allowed.
- And since Custom Connectors have limitations, the best approach is to avoid using them for token-based APIs and instead use HTTP actions in Logic Apps.
Therefore, the best practice is that:
- Use HTTP action with client credentials for Token Generation.
- Use Logic App variables or Azure Key Vault for Token Storage.
- Use HTTP action with dynamic Authorization header for API Calls.
- Avoid using Custom Connector for dynamic Bearer tokens.
If you would like to implement as stated, the below are the high-level steps and option you can take:
- Use an HTTP action to call the token endpoint using Client Credentials Flow.
POST https://your-auth-server.com/oauth2/token Content-Type: application/x-www-form-urlencoded client_id=your_client_id& client_secret=your_client_secret& grant_type=client_credentials - Use a "Parse JSON" action to extract the
access_tokenand store it in a Logic App variable. - Thirdly, use another HTTP action to call your API, and set the
Authorizationheader dynamically in http: Authorization: Bearer @{variables('access_token')} - Add logic to check if the token is expired (if expiry time is returned), or simply regenerate the token before each run.
- Optional to use Azure Key Vault, store the token securely in Azure Key Vault and retrieve it when needed.
I hope this is helpful! Do not hesitate to let me know if you have any other questions or clarifications.
Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 16%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)