Skip to main content

Notifications

Announcements

Upwork and Microsoft Power Platform Partnership
Welcome to the Power Platform Communities
Check out the New Agent Creator Community
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Apps - Connector Development / Are there any security...
Power Apps - Connector Development
Unanswered

Are there any security concerns/risks of using Power Automate Custom connectors

(0) ShareShare
ReportReport
Posted on by johnjohn123 3,502

We want to start investing a lot in custom connectors inside our Power Platform to be used inside Power Apps & Power Automate. but we have a concern if using those custom connectors which will integrate with external systems can pose any security holes.

Currently we will be using those 3 security types (Basic, API Key & OAuthn 2.0)

 

3types.png

 

we would assume that ONLY if the user has the username/password then the user should be able to integrate with the external API using the username/password (in case the custom connector is using the basic authentication). Same applies the API key, so ONLY if the user has the API key then the user should be able to integrate with the external system (in case the custom connector is using the API Key authentication). And same thing applies to the OAuthn 2.0, so only if the user has the permission on his/her username the user should be able to use the external API??

so are our above assumptions correct? or users will be able to use existing connectors and connect to the external APIs? for example let take this scenario; ManagerABC who have the API key create a power automate flow or Power Apps and define the API key for the custom connector. then can any user creates a new Power automate or power app and reuse the custom connection and get to the external API even if the user should not have the permission to do so (they do not have the API key for example)?

Thanks

Categories:
Authentication
  • hhaliman Profile Picture
    hhaliman 48 on at
    Re: Are there any security concerns/risks of using Power Automate Custom connectors

    The authentication is at the API you are connecting to, not the authentication for the custom connector itself. The users you shared the connector can use this connector. So you could share the connector ONLY to users that allowed to use the API.
    Another way is to share the connector to everyone, and don't hardcode the api key in the custom connector itself, but put it as parameter to the custom connector. So only users who know the api key can use the connector.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Upwork and Microsoft Power Platform Partnership
Welcome to the Power Platform Communities
Check out the New Agent Creator Community

Quick Links

Michael Gernaey – Community Spotlight

We are honored to recognize Michael Gernaey as our June 2025 Community…

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Announcing the Engage with the Community forum!

This forum is your space to connect, share, and grow!

Leaderboard > Power Apps

#1
WarrenBelz Profile Picture

WarrenBelz 770 Most Valuable Professional

#2
stampcoin Profile Picture

stampcoin 494

#3
MS.Ragavendar Profile Picture

MS.Ragavendar 399

Last month Overall leaderboard

Featured topics

Product updates

Microsoft Power Platform Community release plans