Portals Web API overview
Effective October 12, 2022, Power Apps portals is Power Pages. More information: Microsoft Power Pages is now generally available (blog)
We will soon migrate and merge the Power Apps portals documentation with Power Pages documentation.
The portals Web API enables a richer user experience inside Power Apps portals pages. You can use the Web API to perform create, read, update, and delete operations across all Microsoft Dataverse tables from your portals pages. For example, you can create a new account, update a contact, or change the table permissions for a product by using the portals Web API instead of the Portal Management app.
You can also use portals Web API in Power Pages. More information: What is Power Pages
- Your portal version must be 9.3.3.x or later for this feature to work.
- The portals Web API is built for creating a rich user experience inside portal pages. It isn't optimized for third-party services or application integration. Using the portals Web API to integrate with other Power Apps portals sites is also not supported.
- Portals Web API operations are limited to tables related to data—for example, accounts, contacts, or your custom tables. Configuring table metadata or portal configuration table data—for example, configuring portals tables such as adx_contentsnippet, adx_entityform, or adx_entitylist—isn't supported with the portals Web API. For a complete list, go to unsupported configuration tables later in this topic.
- The portals Web API benefits from server-side caching, so subsequent calls to the Web API are faster than the initial calls. Note that clearing the portal server-side cache causes temporary performance degradation.
- Portals Web API operations require a Power Apps portals license. For example, Web API calls made by anonymous users are counted towards page view capacity. Web API calls made by authenticated users (internal or external) are not counted towards page views, but require applicable licenses. More information: Power Apps portals licensing FAQs
Web API operations
The portals Web API offers a subset of capabilities for Dataverse operations that you can do by using the Dataverse API. We've kept the API format as similar as possible to reduce the learning curve.
Web API operations are case-sensitive.
Web API operations available in portals
- Read records from a table
- Create a record in a table
- Update and delete records in a table
- Associate and disassociate tables
Site settings for the Web API
You must enable the site setting to enable the portals Web API for your portal. You can also configure the field-level Web API that determines the table fields that can or can't be modified with the portals Web API.
Use the table logical name for these settings (for example account).
|Site setting name||Description|
|Webapi/<table name>/enabled||Enables or disables the Web API for <table name>.
|Webapi/<table name>/fields||Defines the comma-separated list of attributes that can be modified with the Web API.
- All attributes:
- Specific attributes:
Note: The value must be either an asterisk (*) or a comma-separated list of field names.
Important: This is a mandatory site setting. When this setting is missing, you'll see the error "No fields defined for this entity."
|Webapi/error/innererror||Enables or disables InnerError.
|Webapi/<table name>/disableodatafilter||Enables or disables the OData filter.
Site settings must be set to Active for changes to take effect.
For example, to expose the Web API for the Case table where authenticated users are allowed to perform create, update, and delete operations on this entity, the site settings are shown in the following table.
|Site setting name||Site setting value|
|Webapi/incident/fields||attr1, attr2, attr3|
Security with the portals Web API
You can configure record-based security to individual records in portals by using table permissions. The portals Web API accesses table (entity) records and follows the table permissions given to users through the associated web role.
You can configure column permissions to further define privileges to individual columns within a table while using the portals Web API.
Authenticating portals Web API requests
You don't need to include an authentication code, because authentication and authorization are managed by the application session. All Web API calls must include a Cross-Site Request Forgery (CSRF) token.
When referring to Dataverse tables using the portals Web API in your code, you need to use the EntitySetName, for example, to access the account table, the code syntax will use the EntitySetName of accounts;
Use the table logical name for site settings (for example, account).
You can determine the EntitySetName of specific tables by following these steps:
Select the Dataverse tab from the side panel and select the table.
Select the ... (Commands option) and then choose Advanced, Tools, and Copy set name to copy the EntitySetName of the table to your clipboard.
General Data Protection Regulation (GDPR)
All request headers will have a contact ID passed for auditing purposes. For an anonymous user, this will be passed as
If audit logging is enabled, a user can see all the audit events in the Office 365 audit log.
Unsupported configuration tables
Portals Web API can't be used for the following configuration tables:
Users will get a CDS error if they invoke a
GET Web API request for tables that have multiple levels of 1 to many or many to many table permissions with parent scope defined.
To resolve this issue, the recommended solution is to use FetchXML in the OData query.
Alternatively, set the site setting Webapi/<table name>/disableodatafilter to
Changing the site setting Webapi/<table name>/disableodatafilter to
True may result in slower performance for Web API
The site setting is available in portal version 22.214.171.124 or later.