Regenerating a SAS Key for an HTTP-Triggered Flow in Power Automate

As mentioned in our previous blog, we discussed securing workflows by adding OAuth authentication to ensure that only authorized users within the tenant or specific individuals can execute the flow.

However, when dealing with HTTP-triggered flows with anonymous access, keeping your Power Automate workflows secure is essential. Secure Access Signature (SAS) keys help protect these flows by controlling access to their HTTP endpoints, ensuring that only authorized requests can execute a flow.

Whenever a new flow is created with the trigger “When an HTTP request is received”, and the “Who can trigger the flow?” option is set to “Anyone”, Power Automate automatically generates an HTTP POST URL containing a SAS key. This key is embedded within the URL, as shown below.

While this mechanism provides security, SAS keys may need to be regenerated over time due to various reasons, such as key compromise, compliance with security policies, or periodic key rotation to mitigate potential risks.

In this blog, we will walk through the steps to regenerate a SAS key for an HTTP-triggered flow.

Steps to Regenerate the SAS Key

1. Sign in toPower Automate Portal and navigate to your flows.

2. Find the flow that contains the HTTP Trigger Flows and click on Edit.

3. Select the When a HTTP request is received step and note down the existing HTTP POST URL that includes the current SAS key.

4. Navigate back to the Details page and open your browser’s developer tools (F12).

5. Go to the Network tab and Filter requests by typing “runs?api-version”.If you are unable to find the request refresh the Detail page.

6. Click on runs?api-version.

7. Under the Header section, copy the Request URL and replace “runs” with “regenerateAccessKey” within the URL.

8. Scroll down to the Request Header section and note down Authorization Access Token, as shown in the screenshot below.

9. Open Postman and create a new POST request using the modified Request URL.

10. Under the Authorization tab, select Bearer Token as the authentication type and paste the Access Token into the token field.

11. Click Send. If successful, you will receive a 200 OK response, confirming that the SAS key has been regenerated.

12. To verify the new SAS key, return to Power Automate and edit the flow. Compare the new HTTP POST URL with the previous one to confirm that the key has changed.

Conclusion

Regenerating SAS keys for HTTP-triggered flows is a vital security measure that helps protect your Power Automate workflows from unauthorized access. By following these steps, you can efficiently update the SAS keys in your Power Automate flow while ensuring continued security and functionality.

The post Regenerating a SAS Key for an HTTP-Triggered Flow in Power Automate first appeared on Microsoft Dynamics 365 CRM Tips and Tricks.

Original Post https://www.inogic.com/blog/2025/03/regenerating-a-sas-key-for-an-http-triggered-flow-in-power-automate/