I am trying to turn on an existing flow in draft state (having all connections verified) via data API as documented here (Update a flow section):
https://docs.microsoft.com/en-gb/power-automate/web-api

The API is able to perform PATCH operations on all aspects of the flow, also I am able to list flows and import solutions but on setting state code to 1 the following error is thrown:

"error": {
"code": "0x80060467",
"message": "Flow client error returned with status code "BadRequest" and details "{"error":{"code":"BapListServicePlansFailed","message":"{\"error\":{\"code\":\"MissingUserDetails\",\"message\":\"The user details for tenant id '{guid}' and principal id '{guid}' doesn't exist.\"}}"}}".",
"innererror": {
"message": "Flow client error returned with status code "BadRequest" and details "{"error":{"code":"BapListServicePlansFailed","message":"{\"error\":{\"code\":\"MissingUserDetails\",\"message\":\"The user details for tenant id '{guid}' and principal id '{guid}' doesn't exist.\"}}"}}".",
"type": "System.ServiceModel.FaultException1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=9.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]", "stacktrace": " at Microsoft.Crm.Extensibility.OrganizationSdkServiceInternal.Execute(OrganizationRequest request, InvocationContext invocationContext, CallerOriginToken callerOriginToken, WebServiceType serviceType, Boolean checkAdminMode, ExecutionContext executionContext, Dictionary2 optionalParameters)\r\n at Microsoft.Crm.Extensibility.OData.CrmODataExecutionContext.Upsert(Entity entity)\r\n at Microsoft.Crm.Extensibility.OData.CrmODataExecutionContext.Update(Entity entity, UpdateOption updateOption)\r\n at Microsoft.Crm.Extensibility.OData.CrmODataServiceDataProvider.UpdateEdmEntity(CrmODataExecutionContext context, String edmEntityName, String entityKeyValue, EdmEntityObject entityObject)\r\n at Microsoft.Crm.Extensibility.OData.EntityController.PatchEntityImplementation(String& entityName, String key, EdmEntityObject entityDelta)\r\n at Microsoft.PowerApps.CoreFramework.ActivityLoggerExtensions.Execute[TResult](ILogger logger, EventId eventId, ActivityType activityType, Func1 func, IEnumerable1 additionalCustomProperties)\r\n at Microsoft.Xrm.Telemetry.XrmTelemetryExtensions.Execute[TResult](ILogger logger, XrmTelemetryActivityType activityType, Func1 func)\r\n at lambda_method(Closure , Object , Object[] )\r\n at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.<GetExecutor>b__9(Object instance, Object[] methodParameters)\r\n at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary2 arguments, CancellationToken cancellationToken)\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Controllers.ApiControllerActionInvoker.d__0.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Controllers.ActionFilterResult.d__2.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.Dispatcher.HttpControllerDispatcher.d__1.MoveNext()"
}
}

Also note that I am able to turn on the flow from portal, only doing so via the API is the issue.

Also facing the same issue. In my case, it is both when updating the state and status as well as when updating the clientdata field. It works via the API as a licensed user so I have a feeling that the problem is when making requests as an application user.

@radioblazer Can you please look at this feedback to determine if it is a documentation issue, or whether customer should be referred to support. If we need to update docs, please work with me or @MSFTMan on that.

Any news on this topic, guys? I'm also facing this issue. Contacted Microsoft Support about a month ago to no avail. They're lost between AD or Power Automate permissions.

I had a support ticket open for a while. In the end, it was apparently determined with the dev team that it was by design that application users could not update certain fields via the API. The workaround for us is to use a licenced user for our deployment.

It's not simply that certain fields can't be updated via the API, but maybe certain statecodes can't be set by an application user?

I can go the other way. It seems to allow them to be to set them to a "Draft" state, but not an "Activated" state. Going to "Draft" works fine without issue, but attempting to go back to "Activated" results in the same error message.

Using a licensed user for us would mean trying to get one of our clients to activate them (non-starter really). Luckily, we found that we could do this operation as delegated admin, the only "gotcha" that we ran into there was that the app registration permissions had to be approved (admin consent granted) for the specific tenant first.

In any case, it would be nice if there were some documentation around what is allowed and not using licensed users versus application users in this specific case:
https://docs.microsoft.com/en-gb/power-automate/web-api

I am also facing this issue from long time, strange is I am able to change flow state in postman and in code(both c# and poweShell)
it throws the same issue. Let me know guys if you have any workaround for this, I need to do it from Service Principal user only.

@radioblazer can you please take a look and let @MSFTMan know if this is a documentation issue?

Hi all, any updates on this topic/issue? As of today we are still not able to Activate (Turn On) PowerApps Flow via Service Principal (Application User). Any workaround? Can we impersonate the Application User or grant some Permissions in Azure to the Service Principal? Has anyone found a solid workaround for this?

@moritzwald I've just done a really quick test and I was able to activate a flow as an application user impersonating a licensed user.

@amanbedi18 Thanks for contacting us. Unfortunately, we're unable to handle support requests for the product here. To contact Support, visit https://flow.microsoft.com/support/. Closing this issue.

Hi,

I am facing a similar issue where setting the statecode = 1 through an API fails with 400 Bad Request. How can I make this API a licensed user for Power Automate? Please help.

Thank you in advance.

@amanbedi18 - Thanks for your feedback. This feature isn't currently available, and is being considered for a future release. Closing the issue.

If this is not supported in some situations (via an application user / app registration), I think it should probably state as such in the documentation here:
https://docs.microsoft.com/en-gb/power-automate/web-api#update-a-cloud-flow

Otherwise, it seems to indicate that security role should be enough to allow the update, even for the statecode. It may make sense for the platform to perform a license check when enabling the cloud flow. The problem with sending people to support is that support will simply refer us back to the documentation, but there doesn't seem to be any documentation for this important caveat. It looks like the only ways to activate a cloud flow are to impersonate a licensed user, or to login as a delegated admin account (maybe delegated admin needs a license too, I'm not sure about that, in my case it is licensed already).

Also facing the same issue. In my case, it is both when updating the state and status as well as when updating the clientdata field. It works via the API as a licensed user so I have a feeling that the problem is when making requests as an application user.

@ewingjm Could you please let me know how you were able to add the API as a licensed user to access Power Automate or Dataverse API?

This is another killer for automating deployments... Does another possibility exist to enable flows using azure devops (also regarding dependencies...)?

Also facing the same issue. In my case, it is both when updating the state and status as well as when updating the clientdata field. It works via the API as a licensed user so I have a feeling that the problem is when making requests as an application user.

@ewingjm Could you please let me know how you were able to add the API as a licensed user to access Power Automate or Dataverse API?

This is probably too late for you now, but we've included this in our open-source Package Deployer base template. Impersonating a licensed user using this template is documented here. You can look at the code to see how it's done.