Secure When a HTTP request is received Power Automate a.k.a MS Flow

Secure "When a HTTP request is received" connector in MS Flow

This connector can act as the Incoming webhook and perform underling business functionality but its very important to protect it to receive payload from unknown audience. lets see the steps to secure this incoming request.

Add `when a HTTP request is received as a trigger condition`
  • Provide the required payload a per the needs (optional).
  • change method to POST if you need to use the payload (optional)
  • relativePath: add /{token} (required)



Click the ... dots and select "settings"



@equals(triggerOutputs()['relativePathParameters']['token'],'YOUR-SECRET-PASSWORD')



That's it. your business logic continues... I have added the received 'token' and 'firstName' from my payload for testing.
  • Call the webhook from postman.
  • Replace /{token} from the URL with your secret password.
  • Enter the required payload and click send.
Notice: Status code 202 Accepted.






Output of received payload


Output with wrong password
Notice: Status 202 Accepted. But flow would not run because of the trigger condition failure.



-Ratsub

Comments

Popular posts from this blog

People picker Control in PowerApps

Upload attachment to SharePoint list item using Microsoft Flow

Modern page provisioning using page template

REST call returns XML instead of JSON in SharePoint

HTML field & Date Time formatting in powerapps

Step-By-Step Azure AD App Registration

Approval and auto escalation with time out in Microsoft Flow

Create and configure custom connectors for PowerApps and MSFlow from AzureFunctions

Developing custom reusable components in PowerApps