Rajeev Pentyala – Technical Blog on Power Platform, Azure and AI

As you may know, you can configure API Key authentication in a Custom Connector through the Security tab, as shown below.

You can refer my article : Build a canvas app with OpenAI’s Chat endpoint (ChatGpt), where I explain detailed steps to connect to the OpenAI endpoint using an API Key.

In this approach, all the end users need to do is create a connection by providing the API Key in the Bearer $OPENAI_API_KEY format.

While the above approach works well, every end user would still need to provide the API Key (i.e., Bearer $OPENAI_API_KEY) when creating a connection.

What if the end users don’t have their own key? What if Admins configure the API Key once, allowing all users to use it without knowing the API Key or having their own?

To achieve this, you can use the Custom Connector’s Policies option.

I have explained the Policies in this article : Working with Custom Connector Policies. If you are unfamiliar with Policies, I recommend reading that first.

Now, let’s see how we can leverage the Policies option to achieve our requirement.

Using Custom Connectors Policies option:

• Edit your Custom Connector.
• In the Security tab, set the Authentication type as No authentication

• Go to Definition > Policies
• Create a new Policy with following details:
  • Name : Name of your policy
  • Template : Set HTTP header
  • Operations : Choose your ‘Actions’. In my case I’ve chosen my ChatCompletion action.
  • Header name : Authorization
  • Header value : Provide in this format Bearer $OPENAI_API_KEY
  • Action if header exists : override
  • Run policy on : Request

• Go ahead and test by navigating to the Test tab.
• Click on + New connection to create a new connection. You will notice that you don’t need to provide Authorization details, as the Authorization details will automatically be copied to the Request header from the Policy.

• Click Create to complete the connection setup, and you will be ready to test the actions and use the connector.

In summary, if you prefer that your Custom Connector’s end users do not provide authorization details and you want to maintain those details centrally, you should definitely consider this option.

🙂