Ocp-Apim-Subscription-Key for Service to Service calls

Question

I want to require a&nbsp;Ocp-Apim-Subscription-Key when calling an API that is managed using Azure API Management. If I am calling the API from another API, what Ocp-Apim-Subscription-Key&nbsp;should I use? Do I need to set up a "User" in Azure API Management that represents the calling API and add that User to a Product that has access to my API? Seems silly to have to add a fake user that represents an unattended call to my API.

null null · Answer

&nbsp;
this might be what you are after.&nbsp;
&nbsp;
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates
&nbsp;
&nbsp;

deleted · Answer

That is a decent option, however I'd prefer not to go that route. We have the services already setup with AAD authentication and I am moving them to APIM. I want to make the change as seamless as possible.

null null · Answer

if you have already setup AD as an identity i believe you should be able to use AD auth on the api.&nbsp;
&nbsp;
we use google here and have that as an option. I haven't tried on AD.&nbsp;

deleted · Answer

I can certainly not require the Subscription Key, but from my understanding, if a SK is not used you will lose all of your analytics with regards to that user's use of the API.

Forum Discussion

Ocp-Apim-Subscription-Key for Service to Service calls

4 Replies

Resources