Forum Discussion
What did you build last week?
waldek I really appreciate your input - would you have a good tutorial on getting the proxy-API secured by AAD? Part of our problem we keep running into is that it seems like all of the walkthroughs we find are doing something fundamentally different than what we are trying to accomplish, and of course we are getting different recommendations depending on who we ask without actually getting any data pulled through.
Before I send you out to research something else, that might or might not work, what authentication model does your API support? Does it work with an API key or an app token that you need to add to every request either via query string or a header?
- LindsayTShelton, Feb 23, 2021, Brass Contributor
waldek I greatly appreciate it! We are working with 3 main types of APIs in this solution - one of them uses API tokens, one of them (Atlassian) says it prefers HTTP Basic and supports OAuth, but I believe it's OAuth 1 (it's on-prem), and the third is wide open because we just built it and if it gets locked down, it will be however we choose.
Last night we started looking at Azure Functions as an option since we are reaching out to everyone we can for advice, and that was one recommendation to use to take in the APIs and feed them right to SPFx.
- waldek, Feb 23, 2021, Microsoft
LindsayTShelton when looking at Azure Functions, please check out Proxies. They could offer you a lightweight way to pass requests between SharePoint Framework and your existing APIs extending them with the necessary information like API keys, tokens, etc.
When it comes to securing Azure Functions, the easiest way is to use the Authentication and Authorization settings and secure your Function with Azure AD.
SharePoint Framework has built-in support for accessing APIs secured with Azure AD.
One thing that I haven't checked is whether configured proxies are subject to authentication and authorization settings. If they are, and proxies are sufficient for you to relay requests, they would be a great and robust solution that doesn't require any custom code on the API side.
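A sketch of the relay described in the reply above, added here as an illustration and not part of the original thread: a `proxies.json` for an Azure Functions app that forwards a request to an existing API and attaches the API key on the server side, so the key never ships in SharePoint Framework client code. The route, the backend host `tickets.example.internal`, the header name `X-Api-Key` and the app setting `TICKETS_API_KEY` are assumed placeholders; the `%NAME%` syntax reads the value from the Function App's application settings.

```json
{
  "$schema": "http://json.schemastore.org/proxies",
  "proxies": {
    "ticketsRelay": {
      "matchCondition": {
        "methods": ["GET"],
        "route": "/api/tickets/{id}"
      },
      "backendUri": "https://tickets.example.internal/rest/tickets/{id}",
      "requestOverrides": {
        "backend.request.headers.X-Api-Key": "%TICKETS_API_KEY%",
        "backend.request.headers.Accept": "application/json"
      }
    }
  }
}
```

Restricting `methods` and using a fixed route keeps the proxy from relaying arbitrary paths to the backend with the key attached.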