Skip to main content
Question

Authenticate to New SecOps/Chronicle API via PowerAutomate

  • April 7, 2026
  • 1 reply
  • 11 views
collin_peel
Forum|alt.badge.img+2

I’m trying to authenticate to the new Chronicle API using PowerAutomate. It’s been working using the old API, but I’m not sure how to set it up for the new API. Has anyone done it or have any advice? 

The issue is the authentication methods I see all involve client libraries or the CLI, but in PowerAutomate there is not a pre-built integration that I see, so I’m just using HTTP requests. 

 

Previous Method

URL: https://REMOVED.siemplify-soar.com/api/external/v1/cases/CreateManualCase

Authentication Method: AppKey

 

New Method

URL: https://us-chronicle.googleapis.com/v1alpha/projects/REMOVED/locations/us/instances/REMOVED/legacyCases:createManualCase

Authentication Method: ?

 

I’ve tried API keys (https://docs.cloud.google.com/docs/authentication/api-keys-use#rest) but got an error: 

  • Action 'Using_API_Keys' failed: API keys are not supported by this API. Expected OAuth2 access token or other authentication credentials that assert a principal. See https://cloud.google.com/docs/authentication

 

If you have not used PowerAutomate, it is sort of like the SOAR Playbook functionality, but you can't write your own actions using Python. I'm essentially using HTTP API request actions, though I can string several together and do data operations if needed.

1 reply

hzmndt
Staff
Forum|alt.badge.img+11
  • hzmndt
  • Staff
  • April 7, 2026

You need to use oauth2 for auth for this new api, try create a service account (json) with required permission 

 

https://docs.cloud.google.com/chronicle/docs/reference/authentication
https://docs.cloud.google.com/chronicle/docs/reference/feature-rbac-permissions-roles

Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.