How to Secure HTTP Requests Using OAuth Authentication in Power Automate

Inogic, Super User 2025 Season 2

When working with workflows triggered by HTTP requests, a common challenge is ensuring that only authorized users can start the workflow. In many cases, you need to restrict access so that only specific users within your organization can trigger it.

When a workflow is triggered by an HTTP request, controlling who can access it is crucial. Without proper security in place, anyone with the request URL could start the workflow, giving unauthorized users access to critical business processes or sensitive data. This could pose serious security risks to your organization, potentially resulting in data breaches, process disruptions, or compliance issues.

To resolve this, you need a reliable way to manage authentication. One effective approach is OAuth authentication, which allows you to limit access to specific users within your organization. By implementing OAuth, you can ensure that only approved users have permission to trigger the workflow, while unauthorized users are blocked. This not only strengthens security but also ensures that workflows are used only by the right people, improving efficiency and protecting vital business information.

By setting up OAuth authentication for the “When an HTTP request is received” trigger, your company can:

  • Restrict Access – Ensure only authenticated users from the organization can trigger the workflow.
  • Allow Specific Users – Limit execution to only certain employees or service principals.
  • Verify Authentication Claims – Ensure each request contains valid credentials with necessary claims (e.g., tenant ID, issuer, audience).

This security enhancement protects sensitive data and ensures workflows are triggered only by the right people, reducing the risk of unauthorized actions.
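The claim checks listed above (tenant ID, issuer, audience, allowed users) can be reproduced locally to see why a given access token would or would not qualify. The following is an added example, not code from the article or from Power Automate: it decodes a token's payload without verifying its signature, so it is a caller-side diagnostic only. The tenant ID, audience and object ID are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json
import time

def decode_claims(token):
    """Decode the JWT payload. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))

def check_claims(claims, tenant_id, audience, allowed_oids, now=None):
    """Return the names of claims that fail the policy (empty list = pass)."""
    now = time.time() if now is None else now
    # Entra ID issues tokens with either the v1 or the v2 issuer format.
    issuers = {f"https://sts.windows.net/{tenant_id}/",
               f"https://login.microsoftonline.com/{tenant_id}/v2.0"}
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]  # aud may be string or list
    exp = claims.get("exp")
    problems = []
    if claims.get("iss") not in issuers:
        problems.append("iss")
    if claims.get("tid") != tenant_id:
        problems.append("tid")
    if audience not in auds:
        problems.append("aud")
    if claims.get("oid") not in allowed_oids:  # user or service principal id
        problems.append("oid")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp")
    return problems

# Constructed sample values (placeholders, not from the article).
TENANT = "11111111-1111-1111-1111-111111111111"
AUDIENCE = "api://example-flow-audience"
ALLOWED = {"22222222-2222-2222-2222-222222222222"}

def make_sample_token(**overrides):
    """Build an unsigned, constructed token for offline testing."""
    claims = {"iss": f"https://sts.windows.net/{TENANT}/", "tid": TENANT,
              "aud": AUDIENCE, "oid": next(iter(ALLOWED)), "exp": 2_000_000_000}
    claims.update(overrides)
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-sig"
```

Replace the placeholder audience and IDs with the values configured for your own tenant and flow before using this to inspect a real token.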

Prerequisites: Before setting up OAuth authentication for HTTP request triggers in Power Automate, ensure you have:

  • Power Automate Account – Access to create and manage workflows.
  • Azure AD Tenant – Required for authentication and app registrations.
  • App Registration in Azure AD – Must have API permissions for Power Automate.
  • Admin Access to Azure Portal – To configure authentication and manage credentials.
  • HTTP Request Trigger – A flow using the “When an HTTP request is received” trigger.
  • Valid API Permissions – Ensures secure authentication and service access.
  • OAuth 2.0 Token Endpoint – Knowledge of obtaining access tokens from Azure AD.
  • Postman or API Testing Tool (Optional) – Helps test API requests and authentication.

How to Configure: First go to Home – Microsoft Azure and select Microsoft Entra ID...
