Have you ever used the HTTP connector with Power Automate? I think the naswer is YES because it’s (at least in my opinion) one of the most used in every real-world projects.
The HTTP Connector has a trigger called When an HTTP request is received that permits you to trigger a Power Automate flow from external applications. In the past I wrote a post about this trigger where I’ve talked about some possible security problems with it. You can read it here.
Starting from today, the trigger has a new Who can trigger the flow option:
The option can have the following values:
- Any user in my tenant: only authenticated users in the AD tenant can trigger the flow.
- Specific users in my tenant: only a list of specific users in the AD tenant can trigger the flow (see image below)
- Anyone: anyone (knowing the url) can trigger the flow.
This is a new great addition in order to improve the security of your HTTP-triggered flows.