Azure Function Keys
Planning to design a simple azure function for multiple clients.
each client will have a separate function key.
In Serverless Function, I want to write a custom security check ( extra lay...
Forum Discussion
CloudyRyan
Microsoft
MicrosoftBhargav1985 One thing to think about is API management - it's designed to do exactly what you're outlining: Create subscriptions in Azure API Management | Microsoft Docs
You can have 'subscriptions' created for each customer and you would know who the caller is and what they're allowed to do based on the passed in key. I think it would be easier to have this managed by a product that performs these tasks versus needing to maintain this look-up table in code.
CloudyRyan : I tried APIM Subscriptions. But concept is same, it passes the key in header as Ocp-Apim-Subscription-Key.
As it's in header, I can just get the value. To identify the key Name, I need to have the lookup.
Correct me if I have misunderstood the concept.
My requirement is identify the product based on the key value.
- CloudyRyanHello,
My suggestion was to use api management instead of passing keys on the header. What you are proposing sounds overly complex and would be challenging to scale as more clients come aboard. Api management would simple be another key you could issue on the product and would never require code changes. You could even correlated the issued key to a customer by storing that in a table or dB. I wouldn't overly complex it with the header inspection and just use the passed in key to discern between authorized clients.