How to secure Azure Health Bot -> Logic App flow?

Question

I followed this tutorial on Microsoft Learn to integrate Azure Health Bot with a SQL database via Logic Apps. I noticed there is no authentication between Azure Health Bot and Azure Logic Apps - so anyone who sends a POST request to the Logic App URL is essentially able to write to my SQL database.

How can I restrict Logic App to only accept authenticated requests from Azure Health Bot?

Answer 1

@RK Thanks for reaching out.

As per the learn document I can see we are creating the Request trigger. So when you save the request trigger so automatically a URL is generated along with the authorization query parameter in the URL that is used to authenticate the request. Anyone who has the right URL along with the query parameter can trigger your workflow.

In a Standard logic app workflow that starts with the Request trigger (but not a webhook trigger), you can use the Azure Functions provision for authenticating inbound calls sent to the endpoint created by that trigger by using a managed identity. This provision is also known as "Easy Auth". For more information, review Trigger workflows in Standard logic apps with Easy Auth.

Reference : https://learn.microsoft.com/en-us/azure/connectors/connectors-native-reqres?tabs=consumption#security-and-authentication

Let me know if you have any queries or concerns.

Please 'Accept Answer' if it helped so that it can help others in the community looking for help on similar topics.