More Securely Access an HTTP Request Trigger

In a previous post, we learned how to trigger a Power Automate flow by calling an HTTP endpoint. The best part of this trigger is that it allows you to trigger your flow from anywhere on the internet, be it an application or right in your browser. The trouble is, there isn’t security for that endpoint ‘out of the box’. Anyone who knows the endpoint’s URI can call it. So how do you secure that endpoint so that only someone who is authorized to call the endpoint can get it to run?