Forum Discussion

Copper Contributor

May 28, 2024

Supports API-Key or X-Functions-Key in API-based message extension

Hi all, I am tring to imprement a Teams app with API-based message extension. The backend of the API is Azure Funtions HTTP trigger and requires an API key. The API-based message extension supports ...

microsoft teams

Prasad_Das-MSFT

Icon for Microsoft rank

Microsoft

May 28, 2024

karamem0 - Could you please let us know what exactly you want to achieve here? Which functionality you want to be added/implemented?

karamem0
Copper Contributor
May 28, 2024
Prasad_Das-MSFT
My idea is Teams detects OpenAPI Security Schema when specified authType: apiSecretServiceAuth.
OpenAPI Specification v3.0.1 | Introduction, Definitions, & More

manifest.json
"composeExtensions": [ { "composeExtensionType": "apiBased", "authorization": { "authType": "apiSecretServiceAuth", "apiSecretServiceAuthConfiguration": { "apiSecretRegistrationId": "9xxxxb0f-xxxx-40cc-xxxx-15xxxxxxxxx3" } }

swagger.json
"securitySchemes": { "apikeyheader_auth": { "type": "apiKey", "name": "X-Functions-Key", "in": "header" } }
- Prasad_Das-MSFT
  Microsoft
  May 29, 2024
  karamem0 - To achieve your requirements, we recommend you give your feedback in Teams Feedback Portal.
  - karamem0
    Copper Contributor
    May 30, 2024
    Prasad_Das-MSFT
    Thank you for replying, I will post the feedback.
    As a workaround, I can convert Beaer token to X-Functions-Key header using APIM.
    <set-header name="X-Functions-Key" exists-action="override"> <value>@(Regex.Match(context.Request.Headers.GetValueOrDefault("Authorization",""), "^Bearer (?<key>.+)$").Groups["key"]?.Value)</value> </set-header>

Resources