Secure Power Automate flow to run from only specific domain

I had a HTTP triggered Power Automate flow and wanted to make it run only when the request comes from specific domain only. There were couple of ways but below suited.


Open the Power Automate flow and click settings of the trigger. Put below conditions to check if the origin is same as your target domain.

@equals(triggerOutputs()['headers']?['origin'],'https://mycompany.sharepoint.com') 

Additionally in the same way, I put couple of more checks like below.

@equals(triggerOutputs()['headers']?['mySecretKey'],'theSecretKeyGoesHere')

Also, I had to make a check if the requests are generating from a browser only.

@or(contains(triggerOutputs()['headers']?['User-Agent'],'Chrome'),contains(triggerOutputs()['headers']?['User-Agent'],'Mozilla'),contains(triggerOutputs()['headers']?['User-Agent'],'Edge'))

This helped to to secure the requests generation from a specific client only. Hope it will help someone.


Thanks

Comments

Popular Posts

GREYCstoration Oil Paint plugin for Photoshop

Apple iPhone sending SMS automatically 00447786205094

SharePoint online hub navigation not updating for other users

Service Bus Gateway service stuck at Starting

PowerApps SubmitForm not clearing People Picker value