Updates to HTTP Connector in Power Automate: Key Changes
Image Source: Shutterstock.com
Power Automate
Sep 27, 2023 5:00 PM

Updates to HTTP Connector in Power Automate: Key Changes

by HubSite 365 about Stefano Demiliani [MVP]
External Blog Post
Citizen Developer

Power AutomateLearning Selection

Discover the latest changes in Power Automates HTTP Connector to enhance security for your HTTP-triggered flows.

In this blog post, recognized Microsoft advocate, Stefano Demiliani, outlines the changes in the HTTP Connector within the functionality of Power Automate. The HTTP Connector, commonly used in many real-world projects, includes a trigger known as "When an HTTP request is received". This request allows a Power Automate flow to be triggered from external applications.

Demiliani had previously highlighted some potential security issues associated with the use of this trigger in a former post. However, the blog post focuses on a new enhancement that has been introduced to help improve the security of the HTTP-triggered flows. This is the "Who can trigger the flow" option.

The "Who can trigger the flow" feature comes with three different setting criteria; "Any user in my tenant", "Specific users in my tenant", and "Anyone". The "Any user in my tenant" option enables only authenticated users within the AD tenant to trigger the flow.

  • "Specific users in my tenant" grants access to only a specified list of users within the AD tenant to trigger the flow.
  • And lastly, "Anyone" setting means that anyone who knows the URL can trigger the flow. This new addition increases the security level of HTTP-triggered flows, giving users more control over who can execute the flow.

Enhancing Security With Power Automate's HTTP Connector

Power Automate's HTTP Connector plays a crucial role in the fate of project execution, given its widespread application in real-life projects. Its feature "When an HTTP request is received" makes triggering a Power Automate flow from external applications possible. However, the potential security issues associated with its use necessitated the introduction of the "Who can trigger the flow" option.

This feature offers better control over who may trigger the flow, significantly improving HTTP-triggered flows' security. It comes with three options - "Any user in my tenant," "Specific users in my tenant," and "Anyone" - flexible and efficient enough to cater to the needs of various projects. This latest addition marks a notable step towards more secure and reliable Power Automate flows.


Read the full article Power Automate: changes in the HTTP Connector

Learn about Power Automate: changes in the HTTP Connector

The blog post deals with the changes in the HTTP Connector for Power Automate. Power Automate, popular in real-world projects, offers a service where a flow can be triggered from external applications using the HTTP Connector. This connector contains a trigger titled "When an HTTP request is received."

The blog goes on to mention that while the author had previously discussed potential security issues with this trigger in a previous post, there is a new development. The trigger now has a fresh feature: 'Who can trigger the flow.'

The feature has three possible settings:

  • 'Any user in my tenant' which allows only authenticated users in the AD tenant to trigger the flow.
  • 'Specific users in my tenant' limits the flow triggering to a selected roster of users in the AD tenant.
  • 'Anyone' allows anyone, as long as they have the URL, to trigger the flow.

This addition stands to notably augment the security of HTTP-triggered flows.


More links on about Power Automate: changes in the HTTP Connector

Power Automate - All The HTTP Connectors And What ...
Jul 31, 2023 — In Power Automate we currently have 8 HTTP connectors: HTTP; SharePoint; Outlook; Office 365 Users; Office 365 Groups; Office 365 Groups Mail ...
HTTP connector displayed as Premium one
Jul 24, 2019 — Hi All, just noticed that the HTTP connector is now dispalyed as Premium which is strange as it is still available in the Build-in ...
Power Automate: changes in the HTTP Connector
Have you ever used the HTTP connector with Power Automate? I think the naswer is YES because it's (at least … More. This was originally posted here.
HTTP Request In Power Automate - An Introduction
In this tutorial, we'll learn and understand how an HTTP request in Power Automate works when it comes to integrating third party applications.
Make An HTTP Request in Power Automate
Learn how to create an HTTP request with Power Automate. You'll know to take an HTTP request, send out a request, and receive the data.
blocking HTTP connectors won't impact child Flows
Jul 18, 2023 — As Power Platform admin, I want to be able to block HTTP connectors via DLP policy (if required) without breaking core platform functionality.


Microsoft HTTP Connector updates, Power Automate HTTP trigger modifications, HTTP-triggered flow security improvements, Advances to Power Automate HTTP Connector, Enhancements in HTTP request flow triggers.