You must specify a security policy for your adapter according to the trigger type you choose.

With webhook triggers, an external application sends the event information to the adapter. You must configure security policies to authenticate or validate the incoming messages. You may use any of the trigger-specific security policies. See What Is Webhook Security.

With polling triggers, a polling flow in the adapter logic invokes the external application. Therefore, you must configure an invoke-specific security policy.