web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Power Automate / Security - How can I s...
Power Automate
Answered

Security - How can I secure the HTTP - Request trigger ?

(0) ShareShare
ReportReport
Posted on by yoshihirok 1,724

I want to restrict my HTTP - Request triggers with IP address, Users, Organization.

for secure my flows.

1.png

 

 At creating a flow at SharePoint with a template 'Complete a custom action for the selected file',

The flow start with 'HTTP - Request' trigger.

1.png

 

 

And the 'HTTP - Request' trigger can use anyone who know trigger's HTTP POST URL.

No restriction can use the flow like IP address, User authentication, Organization.

 

I want to create flow menus in SharePoint List, SharePoint Documents with security.

How can I secure ?

 

Regards,

Yoshihiro Kawabata

 

 

 

Categories:
General topics
I have the same question (0)
  • Verified answer
    v-micsh-msft Profile Picture
    v-micsh-msft on at

    Hi @yoshihirok,

     

    I don't think there is a way to restrict the HTTP-Request (things like IP address, Users, Organization.) whe nworking with Microsoft Flow.

     

    Please consider submit this as an idea under Microsoft Flow idea forum:

    https://powerusers.microsoft.com/t5/Flow-Ideas/idb-p/FlowIdeas

     

    Regards,

    Michael

  • yoshihirok Profile Picture
    yoshihirok 1,724 on at

    Hi @v-micsh-msft,

     

    Thank you for your reply.

    I post a idea 'Security - restrict HTTP - Request trigger by IP address, tenant, group, users '.

     

    Regards,

    Yoshihiro Kawabata

     

     

  • ryanshane Profile Picture
    ryanshane 4 on at

    This is what i did:

    • One of my request parameters to include in the POST is "requestToken"
    • In the logic app verify the request token

    You could just use a hard coded GUID as some form of security, or inside your flow you could try to calculate something more complex based on time and date, forming a token that is valid only for a period of time. You could do this with an azure function or third party token verification service. The caller would need to perform the same calculation to create a valid token. This might be sufficient depending on what the flow does. This is similar to some Single Sign-On implementations to authenticate with an public website from inside a corporate network - where a token is generated (based on private key, date, and username) and included in the URL on first hitting the site. The website can then assume the user is in its list of known users since the username was incorporated in the token.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
Season of Giving Solutions is Here!
Explore Copilot Studio Forums, Blogs & Galleries!

Quick Links

Forum hierarchy changes are complete!

In our never-ending quest to improve we are simplifying the forum hierarchy…

Ajay Kumar Gannamaneni – Community Spotlight

We are honored to recognize Ajay Kumar Gannamaneni as our Community Spotlight for December…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Power Automate

#1
Michael E. Gernaey Profile Picture

Michael E. Gernaey 525 Super User 2025 Season 2

#2
Tomac Profile Picture

Tomac 324 Moderator

#3
abm abm Profile Picture

abm abm 232 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Share your ideas and struggles with building Power Automate flows!
Survey: Power Automate mobile app
How to Ask for Help with Your Power Automate Workflow
Flows are not visible for users who sign in with their personal accounts
Start and wait for an approval action
Restore a deleted flow
List of actions cheat sheet for Power Automate Desktop
Question for everyone : How are you using Create Text GPT in AI Builder?
Welcome to the Power Automate forum!

Product updates

Microsoft Power Platform Community release plans