Showing results for 
Search instead for 
Did you mean: 

Security - restrict HTTP - Request trigger by IP address, tenant, group, users

I want to secure my flows by restrict IP address, tenant, group, users for HTTP - Request trigger.


My scenario:

1. Restrict in my company ipaddress to use my flows which trigger by HTTP - Request.

2. Restrict in my users of our Office 365 group to use my flows which the trigger by HTTP - Request and use from SharePoint - Flow menu.



Current, Anyone who know HTTP POST URL of the trigger, can use our Flows.

At SharePoint, When create Flow by template 'Complete a custom action for the selected item', the new flow by trigger HTTP - Request, and can use anyone who know HTTP POST URL.



Yoshihiro Kawabata





Status: Under Review

Thank you for the idea, we will evaulate this.

Impactful Individual

@Jotad710 That's really not an alternative for the issue here. The issue is we have no way of securing our flows that are called by external services. For example I can't create a flow that takes some action on 365 without knowing that I can secure the incoming HTTP request and currently there's no way of doing that with flows.

Not applicable

This is very crucial for our Power Automate adoption process. Security control related to HTTP Requests is mandatory. Please consider implementing this soon. 

New Member

May I ask if there is any update for this idea?

My organization have similar use case and concern.

Impactful Individual

@VincentWong The solution here is to use Azure Logic Apps instead for any flow that requires this restriction. Would be great if they add this to PA as well but doesn't seem like its happening any time soon