Actions that use a Managed API Connector

A workflow action can also communicate with an external service using a managed API connector. These connectors run outside of the Logic App in a Microsoft-hosted Azure environment. A connections.json file contains configuration to map a named connection in the workflow definition to an instance of a Microsoft-hosted API connector. The managed API connector is invoked by the workflow using a HTTP call and the URL for the API connector is stored in the connectionRuntimeUrl attribute in the connections.json file.

When unit testing a workflow that uses a managed API connector, the dependency on the Microsoft-hosted API connector needs to be removed. The testing framework does this by updating the connections.json file and replacing the host name in each connectionRuntimeUrl attribute with the host name for a mock HTTP server that is managed by the testing framework. This allows workflow actions that use the connection to run independently of the Microsoft-hosted API connector.

If the value of connectionRuntimeUrl attribute includes @appsetting() references, these references are replaced with the values defined in the local.settings.json file, before the host name is replaced.

Updating the connection URL like this does not affect the functionality of the workflow action or change the behaviour. Every action generates an input JSON message which is then sent to the external service via the connector. The action then generates an output JSON message which is then processed by the rest of the workflow. The structure of the input and output JSON messages differs for each type of action and API connector, but as long as the same message structures are used in the request and response for the mock HTTP server, the rest of the workflow will execute in exactly the same way.

As an example, this is a managed API connection in the connections.json file for Salesforce:

"salesforce": {
    "api": {
        "id": "/subscriptions/c1661296-a732-44b9-8458-d1a0dd19815e/providers/Microsoft.Web/locations/uksouth/managedApis/salesforce"
    },
    "connection": {
        "id": "/subscriptions/c1661296-a732-44b9-8458-d1a0dd19815e/resourceGroups/rg-uks-01/providers/Microsoft.Web/connections/salesforce01"
    },
    "connectionRuntimeUrl": "https://7606763fdc09952f.10.common.logic-uksouth.azure-apihub.net/apim/salesforce/fba515601ef14f9193eee596a9dcfd1c/",
    "authentication": {
        "type": "Raw",
        "scheme": "Key",
        "parameter": "salesforce-connection-key"
    }
}

Note that the authentication type is set to Raw when running in a local development environment.

The testing framework will replace the host name in the connectionRuntimeUrl attribute (https://7606763fdc09952f.10.common.logic-uksouth.azure-apihub.net) with the host name of the mock HTTP server:

"connectionRuntimeUrl": "http://local-server-name:7075/apim/salesforce/fba515601ef14f9193eee596a9dcfd1c/",

When the workflow is run, any request generated by actions using the connection will be sent to the mock HTTP server instead of the Microsoft-hosted API connector.

The test execution log will include logging to show when a managed API connection in the connections.json file has been updated to use the mock HTTP server:

Updating connections file for managed API connectors:
    salesforce:
      https://7606763fdc09952f.10.common.logic-uksouth.azure-apihub.net/apim/salesforce/fba515601ef14f9193eee596a9dcfd1c/ ->
        http://local-server-name:7075/apim/salesforce/fba515601ef14f9193eee596a9dcfd1c/
    outlook:
      https://7606763fdc09952f.10.common.logic-uksouth.azure-apihub.net/apim/outlook/79a0bc680716416e90e17323b581695d/ ->
        http://local-server-name:7075/apim/outlook/79a0bc680716416e90e17323b581695d/

Authentication Type

The configuration of a Managed API connection includes an authentication type attribute called type. This controls how the workflow action connects to the managed API connection infrastrcuture in Azure.

There are three permitted values for the authentication type:

Value	Usage	Description
Raw	Local development environment	Designed for development use only, not production. The token has a 7-day expiration.
ActiveDirectoryOAuth	Local development environment	Uses a client id and secret to authenticate using an App Registration in Microsoft Entra ID.
ManagedServiceIdentity	Azure only	Uses the managed identity associated with the Logic App. This is the default and recommended authentication type to use for workflows hosted and run in Azure.

When a workflow is run locally in a developer's environment, or on a build server, the managed API connection configuration in the connections.json file must use the Raw or ActiveDirectoryOAuth authentication types. If the ManagedServiceIdentity type is used, the Functions runtime will fail to start with this error:

The API connection reference name <connection name> has invalid authentication type ManagedServiceIdentity.
Only 'Raw' or 'ActiveDirectoryOAuth' authentication type is allowed in local developer environment

Authentication Type Validation

The testing framework will automatically check the connections.json file for any managed API connections using the ManagedServiceIdentity authentication type, before running any tests. This feature ensures that tests fail quickly when an incorrect authentication type is used, as opposed to taking longer to run and then failing later in the Functions runtime.

If there are any managed API connections using the ManagedServiceIdentity authentication type, an exception will be thrown by the testing framework:

There is 1 managed API connection (<connection name>) that is configured to use the 'ManagedServiceIdentity' authentication type.
Only the 'Raw' and 'ActiveDirectoryOAuth' authentication types are allowed in a local developer environment.