cancel
Showing results for 
Search instead for 
Did you mean: 
0 Kudos

Adding Webhook Security

When a webhook trigger is used in a flow, a public endpoint is created by Power Automate and its URL is provided to my web API (wich is the webhook sender) but anybody can guess what is the URL and can trigger my flows without being authorized to do it.

It would be cool to be able to protect the endpoint against unauthorized request.

For instance, being able to share a secret between Power Automate and my API when a webhook subscription is created (One secret for each subscription). And when we send the webhook, we add the secret to the body or the headers to allow Power Automate to tell if the webhook is coming from a well known API or not.<div> </div>
Status: New