Office 365

Introduction to Power Portal Web API

19 maja, 2021 1
Podziel się:

Power Portal provides an easy way to display data to external customers. They can log in using their Azure AD B2C, Facebook, Google or Microsoft accounts and it is also possible to display data anonymously for everyone. Most solutions are designed to be low-code for showing or performing operations on the Dataverse. 

Microsoft decided to make life easier for developers and provided a Web API for Power Portal. Usually, such an interface allows you to create CRUD (Create, Read, Update, Delete) operations. In this case, however, we have only available ‚create’, ‚update’, ‚delete records from the table’ and ‚create or delete relationships between records’.

The problem with reading from the database interferes with work, if not prevents it. To solve this problem you can create Web API with the use of FetchXML and Web Template. I will write another article about this.

Site Settings

To enable WebApi, make the following entries in the Site Settings table:

Name Value
Webapi/contact/enabled true
Webapi/contact/fields address1_telephone1
Webapi/error/innererror true
  • Webapi/contact/enabled – enables the Web API for the Contact table.
  • Webapi/contact/fields – here you should list all the fields you want to modify.
  • Webapi/error/innererror – enables internal error forwarding to the Web API.

Permission settings

Setting permissions allows you to restrict or grant access to operations to a group of users. We add an entry to the Entity Permissions settings:

contact entity permission - Introduction to Power Portal Web API

  • Entity Name – select the table that you want to grant permissions to (Contact).
  • Scope – we have a choice of: Global, Account, Contact, Self, Parent, we select Global. More about scopes you can read in the official documentation Configure security using table permissions – Power Apps | Microsoft Docs.
  • Priviliges – we mark the operations that users will be able to do.

web api user - Introduction to Power Portal Web API
The next step is to create a Web Role in the Web Roles table and we call it Web API User.

  • Authenticated Users Role – set to ‚Yes’ allows logged-in users to invoke operations on the Web API.
  • Anonymous Users Role – set to ‚No’ to block access for unknown users.

The final step is to go to the Entity Permissions tab of the Web Role and add the Contact Entity Permission record you created earlier.

entity permission related - Introduction to Power Portal Web API

The code

let token = await shell.getTokenDeferred();

await fetch(`/_api/contacts(53bf9109-9c00-46b9-b99c-0eb5f986c97a)`, {
    method: 'PATCH',
    headers: {
    Accept: 'application/json',
    'Content-Type': 'application/json',
    __RequestVerificationToken: token,
  body: JSON.stringify({
    address1_telephone1: '555-555'


The code above is an example of updating data on a specific record in the Contact table. In the first line, we call the getTokenDeferred method, which will return a unique token for us to authenticate to the system. On the next line, we invoke the Web API, using the schema: /_api/tablename(record guid), using the PATCH method. The additional header __RequestVerificationToken stores the token retrieved earlier. In the body, we enter our object in schema: fieldname: ‚value’ and then change it to a string.

Assigning a reference to a record

The example of adding a file shows how you can create a link to an already created record in the Contact table. First, we need to create the rights for the Annotation (Note) table in Entity Permissions (select Create, Append To) and the entries in Site Settings as for Contact, adding the filename, mimetype, documentbody, and objectid_contact fields. For the Contact table permissions, we must additionally check Append.

let token = await shell.getTokenDeferred();

await fetch(`/_api/annotations`, {
  method: 'POST',
  headers: {
  Accept: 'application/json',
  'Content-Type': 'application/json',
  __RequestVerificationToken: token,
    body: JSON.stringify({
    filename: fileName,
    mimetype: mimetype,
    documentbody: base64Content,
    'objectid_contact@odata.bind': `/contacts(53bf9109-9c00-46b9-b99c-0eb5f986c97a)`,

In the example above, in line #14, a bind to the Contact table is created on the objectid field. Adding @odata.bind to the field name lets us know that it is a reference to another record. You can add and remove relationships to other records in this way.


Using the Web API in Power Portal can replace the creation of an Entity Form. This can help you build a more enhanced form and complex business logic. It is possible to build a form view entirely from scratch if this is required by our design approach and requirements from a client, who wants to create a very unusual form. Currently, some of the Plugin’s actions cannot be used, e.g. PreValidation and PreOperation actions are not supported, what is the disadvantage of using this solution.

Kategorie: Office 365
Michał Świtalik
Autor: Michał Świtalik
Software Engineer w Centrum Kompetencyjnym Office 365 w Sii. W pracy zajmuje się tworzeniem solucji dla obrotu i udostępnianiem dokumentów i informacji w biznesie, które wykorzystują technologie SharePointa. Po pracy lubię rozwijać swoje umiejętności w frameworkach JS (Angular, React, SPFX...), .Net oraz architektury.

    Imię i nazwisko (wymagane)

    Adres email (wymagane)


    Treść wiadomości


    15 lipca 2021 Odpowiedz

    Good read, keep up the good work!

    Zostaw komentarz