In this blog post, recognized Microsoft advocate, Stefano Demiliani, outlines the changes in the HTTP Connector within the functionality of Power Automate. The HTTP Connector, commonly used in many real-world projects, includes a trigger known as "When an HTTP request is received". This request allows a Power Automate flow to be triggered from external applications.
Demiliani had previously highlighted some potential security issues associated with the use of this trigger in a former post. However, the blog post focuses on a new enhancement that has been introduced to help improve the security of the HTTP-triggered flows. This is the "Who can trigger the flow" option.
The "Who can trigger the flow" feature comes with three different setting criteria; "Any user in my tenant", "Specific users in my tenant", and "Anyone". The "Any user in my tenant" option enables only authenticated users within the AD tenant to trigger the flow.
Power Automate's HTTP Connector plays a crucial role in the fate of project execution, given its widespread application in real-life projects. Its feature "When an HTTP request is received" makes triggering a Power Automate flow from external applications possible. However, the potential security issues associated with its use necessitated the introduction of the "Who can trigger the flow" option.
This feature offers better control over who may trigger the flow, significantly improving HTTP-triggered flows' security. It comes with three options - "Any user in my tenant," "Specific users in my tenant," and "Anyone" - flexible and efficient enough to cater to the needs of various projects. This latest addition marks a notable step towards more secure and reliable Power Automate flows.
The blog post deals with the changes in the HTTP Connector for Power Automate. Power Automate, popular in real-world projects, offers a service where a flow can be triggered from external applications using the HTTP Connector. This connector contains a trigger titled "When an HTTP request is received."
The blog goes on to mention that while the author had previously discussed potential security issues with this trigger in a previous post, there is a new development. The trigger now has a fresh feature: 'Who can trigger the flow.'
The feature has three possible settings:
This addition stands to notably augment the security of HTTP-triggered flows.
Microsoft HTTP Connector updates, Power Automate HTTP trigger modifications, HTTP-triggered flow security improvements, Advances to Power Automate HTTP Connector, Enhancements in HTTP request flow triggers.