Forum Discussion
Azure API Management Gateway - RBAC on the API level
Yes, it is possible to control access to specific APIs within Azure API Management Gateway.
1. Group APIs Using Products - You can organize APIs into different Products and assign users or groups to these Products. This way, users can only see and access APIs within their assigned Products.
2. Assign RBAC Roles - Azure’s Role-Based Access Control (RBAC) lets you assign roles like Reader or API Developer at the API level, ensuring users only have access to the APIs they need.
3. Use Policies for Runtime Control - You can enforce restrictions at runtime by applying policies like validate-jwt, which checks user roles or claims in their token.
4. Control Visibility in the Developer Portal - By configuring API visibility to “Product,” you ensure that only users assigned to a Product can see its APIs in the Developer Portal.
This approach keeps API access secure and well-organized, providing flexibility to manage who sees and uses specific APIs.
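The runtime check from item 3, as an added example that is not part of the original post: a validate-jwt policy set at the scope of one API, so that only tokens carrying that API's role are accepted. Microsoft Entra ID as the token issuer, the TENANT_ID and API_APP_CLIENT_ID values, and the role name Orders.Read are all placeholder assumptions.

```xml
<!-- Added example: inbound policy applied at the scope of a single API. -->
<!-- TENANT_ID, API_APP_CLIENT_ID and the role Orders.Read are placeholders (assumptions). -->
<policies>
    <inbound>
        <base />
        <!-- Reject the call unless a signed, unexpired bearer token is presented. -->
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      require-expiration-time="true"
                      require-signed-tokens="true"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized">
            <!-- Signing keys are taken from the issuer's OpenID Connect metadata. -->
            <openid-config url="https://login.microsoftonline.com/TENANT_ID/v2.0/.well-known/openid-configuration" />
            <!-- Audience check: a token issued for a different application is refused. -->
            <audiences>
                <audience>API_APP_CLIENT_ID</audience>
            </audiences>
            <!-- Issuer check: only tokens from the expected tenant are accepted. -->
            <issuers>
                <issuer>https://login.microsoftonline.com/TENANT_ID/v2.0</issuer>
            </issuers>
            <!-- Role check: the roles claim must contain the role assigned for this API. -->
            <required-claims>
                <claim name="roles" match="any">
                    <value>Orders.Read</value>
                </claim>
            </required-claims>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Because the policy sits at API scope, each API can require its own role value. If the audiences and required-claims elements are left out, any valid token from the same issuer passes the check.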