Blog Post

Apps on Azure Blog
8 MIN READ

Build an enterprise-ready Azure OpenAI solution with Azure API Management

JuliaKa's avatar
JuliaKa
Icon for Microsoft rankMicrosoft
Aug 24, 2023
With the rise of Artificial intelligence (AI), many industries and users are looking into ways to leverage this technology for their own development purposes and use cases. The field is expected to c...
Updated Aug 23, 2023
Version 1.0
application modernization
azure api management
azure cognitive services
azure paas
hoffe86's avatar
hoffe86
Icon for Microsoft rankMicrosoft
Oct 12, 2023

Maybe a short hint to the excellent article from Julia.
In meanwhile it is possible to use Managed Identity to authenticate against the Azure OpenAI Instances.


Therefore the following steps needs to be done:

    • Enable Managed Identity on APIM
    • Add APIM Managed Identity with role "Cognitive Services OpenAI User" to the OpenAI Instance.
    • Replacing Julias Inbound policy with the following snippet:
<authentication-managed-identity resource="https://cognitiveservices.azure.com" output-token-variable-name="msi-access-token" ignore-error="false" />
<set-header name="Authorization" exists-action="override">
    <value>@("Bearer " + (string)context.Variables["msi-access-token"])</value>
</set-header>

The authentication-managed-identity policy (https://learn.microsoft.com/en-us/azure/api-management/authentication-managed-identity-policy) is using the APIM System Managed Identity to request a Token with the required OAuth scope "https://cognitiveservices.azure.com". In the next step the set-header policy is used to set/replace the Authorization http header to authenticate the request