Adding security to an HTTP trigger in a Logic App

Published by Camille SCHNEIDER
Category : Azure / Logic Apps

The HTTP trigger

One of the first things to do when creating a Logic App is to choose the trigger type. This means selecting how the Logic App is kicked off.

If the trigger is an HTTP trigger, the Logic App is triggered when it is called using an HTTP query.

To do so, simply copy the URL after creating the trigger:


Then just run the query:



In summary, it is very easy to run the query that is used to call the Logic App, because obtaining the URL is enough to trigger it.

Making the call to the Logic App secure

To make the call to the Logic App secure, go to the Workflow settings tab:

LogicApp Workflow setting

There are three options:

Access control configuration

The Logic App is configured to Any IP by default, which means it can be called from any IP address.

The second option is to only allow other Logic Apps to call it.


Lastly, the final option makes it possible to authorize only one or more IP addresses.

Specific IP ranges

These are therefore the various options that can be used to make the call to the Logic App secure.

To go further, a Logic App can be exposed in Azure API Management.