Unanswered

'When a HTTP request is received' trigger used to have an option to choose who can trigger the flow. But now it's gone.

(0) Share

Report

Posted on by AKarhukorpi

Anybody else has this problem? Is there something I can do get that back? Was using this trigger last week and it had that option, but when I got back to this today it is gone. Tried to refresh page, created a new flow etc.

Now it looks like this:

And it used to look like this:

Categories:

Building flows

I have the same question (0)

All responses (5)

Answers (0)

StretchFredrik 3,395 Super User 2025 Season 2 on at

Like (0)

Report

Ive only had the current version for the past 2-3 years.

Dont think you can get the old version back. But maybe someone knows more?

I usually secure it with either a made-up token, or check the origin of the request.

Was this reply helpful? Yes No
AKarhukorpi 3 on at

Like (0)

Report

Okay, thanks for the answer. It is just weird because it was there last week. Do you happen to have any links which have an example using made-up token or an origin of the request as a securing method?

Was this reply helpful? Yes No
StretchFredrik 3,395 Super User 2025 Season 2 on at

Like (1)

Report

Not my post but explains the token example pretty well
Securing HTTP triggered flow in Power Automate (linkedin.com)

The origin you can check in the trigger body if im not mistaken.

Was this reply helpful? Yes No
StretchFredrik 3,395 Super User 2025 Season 2 on at

Like (0)

Report

The main reason im using this trigger is on-prem SharePoint when i need to trigger a flow for a specific file.

The way im "securing" (Im mostly limiting the exploitabiltiy of it) it then is to add the sharepoint files uniqueID to the url and the ID of the file, which i then check at the start of the flow to see if the uniqueid of the item with for example ID 12 is the same unique id as in the url. Which means you could not exploit the file with ID 13 for example, even if you have the URL for file with ID 12 since the uniqueID doesnt match.

But its still not fully "secure" its mostly limiting the exploitability.

Was this reply helpful? Yes No
ebb 2 on at

Like (0)

Report

Hi,
I do also have this problem. We have been using the 'When a HTTP request is received' trigger with the 'Specific user' option. About 2 weeks ago, this option was gone. It disappeared not only when building new flows but also for flows that are already in production environment.

Today my colleague also discovered that the option shows sometimes in the flow and when we close the flow and open it again, it not there anymore. It is going back and forth like this.

Was this reply helpful? Yes No