services / Azure / Logic Apps API connection

A managed API connection (Logic Apps / connector instance) that stores the configuration and authentication binding linking workflows to a backend service.

Connections embed reusable backend credentials/OAuth tokens; secret material is exposed only via dedicated listsecrets/listconnectionkeys actions, while the resource itself supports a single integration function.


Microsoft.​Web/​apimanagementaccounts/​apis/​connections/​listSecrets/​action

Returns the connection's stored secrets (backend passwords, OAuth tokens, connection strings), exporting reusable credentials that grant direct authenticated access to the connected system.

Risks

Scope: CRITICAL

This privilege may grant access to sensitive data from a significant fraction of organizational functions, allow interruption of critical organizational services, or its exploit could lead to significant privilege escalation.

Links

  • https:​/​/​azure.​permissions.​cloud/​iam/​Microsoft.​Web
  • https:​/​/​learn.​microsoft.​com/​en-​us/​azure/​role-​based-​access-​control/​resource-​provider-​operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog