Secure a Power Automate flow to run only from a specific domain
I had an HTTP-triggered Power Automate flow and wanted to make it run only when the request comes from a specific domain. There were a couple of ways, but the one below suited.
Open the Power Automate flow and click the settings of the trigger. Add the condition below to check that the origin is the same as your target domain.
@equals(triggerOutputs()['headers']?['origin'],'https://mycompany.sharepoint.com')
Additionally, in the same way, I put in a couple more checks like the one below.
@equals(triggerOutputs()['headers']?['mySecretKey'],'theSecretKeyGoesHere')
Also, I had to add a check that the requests are generated from a browser only.
@or(contains(triggerOutputs()['headers']?['User-Agent'],'Chrome'),contains(triggerOutputs()['headers']?['User-Agent'],'Mozilla'),contains(triggerOutputs()['headers']?['User-Agent'],'Edge'))
This helped to secure request generation from a specific client only. Hope it will help someone.
Thanks
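The three trigger conditions above, modelled in Python so they can be tried against sample request headers (an added example, not code from the original post). It assumes all three conditions must hold for the flow to run and that header names are matched case-insensitively; the sample requests are constructed.

```python
import hmac

# Values taken from the post's trigger conditions.
ALLOWED_ORIGIN = "https://mycompany.sharepoint.com"
SECRET_HEADER = "mySecretKey"
EXPECTED_SECRET = "theSecretKeyGoesHere"  # placeholder used in the post
BROWSER_TOKENS = ("Chrome", "Mozilla", "Edge")

def header(headers, name):
    """Case-insensitive header lookup; a missing header yields ''."""
    wanted = name.lower()
    return next((v for k, v in headers.items() if k.lower() == wanted), "")

def failed_checks(headers):
    """Return the names of the checks a request fails (empty list = flow runs)."""
    failures = []
    if header(headers, "origin") != ALLOWED_ORIGIN:
        failures.append("origin")
    # Constant-time comparison, so timing does not reveal how much of the key matched.
    supplied = header(headers, SECRET_HEADER).encode()
    if not hmac.compare_digest(supplied, EXPECTED_SECRET.encode()):
        failures.append("secret")
    # Like contains() in the flow expression, this substring match is case-sensitive.
    agent = header(headers, "User-Agent")
    if not any(token in agent for token in BROWSER_TOKENS):
        failures.append("user-agent")
    return failures

BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0.0.0"
# Constructed sample requests (not captured traffic).
SAMPLES = {
    "sharepoint page": {"Origin": ALLOWED_ORIGIN, SECRET_HEADER: EXPECTED_SECRET,
                        "User-Agent": BROWSER_UA},
    "other site": {"Origin": "https://example.org", SECRET_HEADER: EXPECTED_SECRET,
                   "User-Agent": BROWSER_UA},
    "no key": {"Origin": ALLOWED_ORIGIN, "User-Agent": BROWSER_UA},
    "lowercase agent": {"origin": ALLOWED_ORIGIN, SECRET_HEADER: EXPECTED_SECRET,
                        "user-agent": BROWSER_UA.lower()},
    "script client": {"User-Agent": "curl/8.4.0"},
}

def evaluate_samples():
    """Map each constructed sample to the list of checks it fails."""
    return {name: failed_checks(h) for name, h in SAMPLES.items()}

if __name__ == "__main__":
    for name, failures in evaluate_samples().items():
        print(f"{name:16} -> {'runs' if not failures else 'skipped: ' + ', '.join(failures)}")
```

All three values are headers sent by the caller, so the secret-key check is the one that depends on something only the intended client knows.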