At the moment repository_dispatch is the only way to externally trigger a Github Action. To use repository_dispatch a Personal Access Token with full repo access is required.
I see a lot of people using this, but it’s important to note that by giving this key to an external service, you also expose your complete codebase to this service.
I feel like this is a security disaster waiting to happen, and should be replaced with something else as fast as possible. (I know people shouldn’t be doing this, but there is no other way, so it’s very tempting)