Forum Discussion
Supports API-Key or X-Functions-Key in API-based message extension
Hi all,
I am tring to imprement a Teams app with API-based message extension. The backend of the API is Azure Funtions HTTP trigger and requires an API key. The API-based message extension supports the API key authentiation, but the key is sent as Bearer token (Authtorization header). Unfortunately, Azure Funtions does not supports Bearer token. Also I tried to include an OpenAPI security schemas, but it was ignored. Some other API (e.g. OpenAI Service) accepts an API key with API-Key header. I think it is not common method to send an API key with Bearer token. I think it is helpful that the users can specifiy the authencation method (by OpenAPI spec, maybe).
4 Replies
Prasad_Das-MSFTMicrosoft
karamem0 - Could you please let us know what exactly you want to achieve here? Which functionality you want to be added/implemented?
My idea is Teams detects OpenAPI Security Schema when specified authType: apiSecretServiceAuth.
OpenAPI Specification v3.0.1 | Introduction, Definitions, & More
manifest.json
"composeExtensions": [ { "composeExtensionType": "apiBased", "authorization": { "authType": "apiSecretServiceAuth", "apiSecretServiceAuthConfiguration": { "apiSecretRegistrationId": "9xxxxb0f-xxxx-40cc-xxxx-15xxxxxxxxx3" } }swagger.json
"securitySchemes": { "apikeyheader_auth": { "type": "apiKey", "name": "X-Functions-Key", "in": "header" } }- Prasad_Das-MSFT
karamem0 - To achieve your requirements, we recommend you give your feedback in Teams Feedback Portal.
