Using Power Automate/webhooks securely on public surveys

ColinCampbell1 · ‎02-11-2022

Hi,

I'm interested in using Power Automate for a process involving Survey123, Outlook and Excel, but my survey is a public one and the guidance on public surveys highlights that webhooks for such are 'subject to potential abuse by malicious users'.

I was wondering if there was any more information on this or if there was any guidance showing you how to safely use Power Automate with public surveys (assuming you can at all).

Thanks in advance

Colin

ZacharySutherby · ‎02-11-2022

Hello @ColinCampbell1,

The alternative workflow noted in the document would be our suggested workflow.

Thank you,
Zach

TanGnar · ‎09-01-2022

Another alternative workflow I'd like your input on, please.

Could you instead set up a webhook on the protected feature layer that is not attached to the survey? You could trigger that on an added feature. Would that take away risk from a webhook on the public survey123 and accomplish the same goal?

It does look like developing the webhook on the feature layer is a more involved process than the Survey123 webhook.

TanGnar · ‎08-30-2022

I'm curious why webhooks were opened up to public surveys if they pose such a security risk, with minimal mention of the risk except buried in the somewhat obscure linked PDF.