Call an API without CORS enabled from Logic Apps

Logic Apps integrate seamlessly with API’s that are annotated with swagger metadata.  The HTTP + Swagger action dynamically discovers all available operations and presents them in a user-friendly way.

There are two requirements for this to work:

  • The Swagger metadata must be hosted on a publicly accessible URL (HTTPS)
  • The Swagger metadata must have CORS enabled

If one of the above requirements is not met, you get the following exception:

CORS - 1

Failed to fetch swagger. Ensure you have CORS enabled on the endpoint and are calling a valid HTTPS endpoint

There is a workaround available for this problem, without modifying the backend API. First you need to get the Swagger definition from the backend API.  You can download it or you can ask for an offline copy, in case the Swagger is not published.  Secondly, you need to upload that Swagger documentation to blob storage, with CORS enabled, and reference it from within Logic Apps.  These are the steps to be taken:

  • Create a storage account
  • Create a new blob container with the public access type Blob

CORS - 2

  • Upload the swagger definition to the blob container

CORS - 3

CORS - 4CORS - 5

CORS - 6

  • You should see now that the designer discovered all available operations!

CORS - 7

It took me a while to found the resolution for this problem.  This workaround is mentioned in the Logic Apps documentation, so all kudos for the product team!  It’s important to be aware of this solution, so you don’t try to enforce unneeded changes at the backend API.

About me

Hi! I’m Toon Vanhoutte, a hands-on Azure architect – based in Belgium – with a big passion for teaching and helping people out. I’m happy to assist you during your Azure journey with high-quality advisory and I would love to teach you Azure’s possibilities via my tailored training courses.

Subscribe to the blog