services / Azure / API Connections
Azure API Connections (Microsoft.Web/connections) are integration resources that store credential-backed connections (OAuth tokens, API keys, connection strings) used by Logic Apps and Power Automate to authenticate to backend SaaS and API services.
These resources broker authenticated access to external/backend systems and hold stored credential material, so key-listing and invoke operations are credential-grade exposures even though most control-plane operations affect a single integration function.
Microsoft.Web/connections/dynamicInvoke/action
Dynamic Invoke executes a call through the connection against the backing service using its stored credentials, letting an attacker ride the connection's identity to move laterally and read or manipulate data in the connected backend without seeing the raw secret.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security