Web Apps Hostruntime Workflow Triggers
The trigger definitions of Logic Apps Standard / Functions-style workflows hosted in the host runtime of an App Service site. Triggers define how and when a workflow's automation fires (HTTP webhook, schedule, connector event).
Workflows often run with a managed identity and connections to other services; their triggers and run history can expose how business automation is wired and the data it processes.
Microsoft.Web/Sites/hostruntime/webhooks/Api/workflows/triggers/listCallbackUrl/action
Returns the trigger callback URL, which embeds a SAS signature (sig=) that lets anyone holding the URL invoke the workflow without further authentication. The returned URL is therefore exported credential-equivalent material.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
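As an added example (not part of the original entry and not P0 Security's code), this Python check flags role definitions that grant the action above, whether named exactly or reached through a wildcard, and honours `notActions` exclusions. The role names are constructed sample data, and the JSON shape (`roleName`, `permissions[].actions`, `permissions[].notActions`) is an assumption about how the role definitions were exported.

```python
import re

# Action string as listed on this page.
TARGET = ("Microsoft.Web/Sites/hostruntime/webhooks/Api/workflows/"
          "triggers/listCallbackUrl/action")

def pattern_matches(pattern, action):
    """Azure RBAC patterns: '*' matches any run of characters; case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def grants(role, action=TARGET):
    """True if some permissions block allows `action` and its notActions do not remove it."""
    for block in role.get("permissions", []):
        allowed = any(pattern_matches(p, action) for p in block.get("actions", []))
        removed = any(pattern_matches(p, action) for p in block.get("notActions", []))
        if allowed and not removed:
            return True
    return False

def roles_granting(roles, action=TARGET):
    """Names of the role definitions that effectively include `action`."""
    return [r["roleName"] for r in roles if grants(r, action)]

# Constructed sample role definitions (hypothetical names, assumed JSON shape).
SAMPLE_ROLES = [
    {"roleName": "workflow-operator", "permissions": [
        {"actions": ["Microsoft.Web/sites/hostruntime/*"], "notActions": []}]},
    {"roleName": "site-reader", "permissions": [
        {"actions": ["Microsoft.Web/sites/*/read"], "notActions": []}]},
    {"roleName": "web-admin-no-callbacks", "permissions": [
        {"actions": ["Microsoft.Web/*"],
         "notActions": ["Microsoft.Web/sites/hostruntime/webhooks/api/workflows/triggers/*"]}]},
    {"roleName": "callback-exporter", "permissions": [
        {"actions": [TARGET.lower()], "notActions": []}]},
]

if __name__ == "__main__":
    for name in roles_granting(SAMPLE_ROLES):
        print("grants listCallbackUrl:", name)
```

A `notActions` entry only subtracts within its own role definition; a principal holding a second role that allows the action still has it.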
Contributed by P0 Security