Secure "When a HTTP request is received" connector in MS Flow

This connector can act as the Incoming webhook and perform underling business functionality but its very important to protect it to receive payload from unknown audience. lets see the steps to secure this incoming request.





Add `when a HTTP request is received as a trigger condition`

Provide the required payload a per the needs (optional).

change method to POST if you need to use the payload (optional)

relativePath: add /{token} (required)

Click the ... dots and select "settings"

@equals(triggerOutputs()['relativePathParameters']['token'],'YOUR-SECRET-PASSWORD')

That's it. your business logic continues... I have added the received 'token' and 'firstName' from my payload for testing.

Call the webhook from postman.

Replace /{token} from the URL with your secret password.

Enter the required payload and click send.

Notice: Status code 202 Accepted.

Output of received payload

Output with wrong password

Notice: Status 202 Accepted. But flow would not run because of the trigger condition failure.

-Ratsub