For HTTP or Email triggers, anyone who knows the destination URL or address of the workflow can send events to it. I can manually add validation in a code step to ensure workflow events come from some source (e.g. only run the workflow when a header is set to a specific value), but I'd like a built-in way to restrict how a workflow is triggered, via API key or some other mechanism.
For HTTP or Email triggers, anyone who knows the destination URL or address of the workflow can send events to it. I can manually add validation in a code step to ensure workflow events come from some source (e.g. only run the workflow when a header is set to a specific value), but I'd like a built-in way to restrict how a workflow is triggered, via API key or some other mechanism.