%3CLINGO-SUB%20id%3D%22lingo-sub-1500941%22%20slang%3D%22en-US%22%3EAPI%20Management%20%E2%80%93%20Validate%20API%20requests%20through%20Client%20Certificate.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1500941%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EAzure%20APIM%20%E2%80%93%20Validate%20API%20requests%20through%20Client%20Certificate%20using%20Portal%2C%20C%23%20code%20and%20Http%20Clients%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EClient%20certificates%20can%20be%20used%20to%20authenticate%20API%20requests%20made%20to%20APIs%20hosted%20using%20Azure%20APIM%20service.%20Detailed%20instructions%20for%20uploading%20client%20certificates%20to%20the%20portal%20can%20be%20found%20documented%20in%20the%20following%20article%20-%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapi-management%2Fapi-management-howto-mutual-certificates-for-clients%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapi-management%2Fapi-management-howto-mutual-certificates-for-clients%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ESteps%20to%20authenticate%20the%20request%20%E2%80%93%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3E%3CSTRONG%3E%20Via%20Azure%20portal%20%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3EOnce%20we%20have%20setup%20the%20certificate%20authentication%20using%20the%20above%20article%2C%20we%20can%20test%20an%20operation%20for%20a%20sample%20API%20(Echo%20API%20in%20this%20case).%20Here%2C%20we%20have%20chosen%20a%20GET%20operation%20and%20selected%20the%20%E2%80%9CBypass%20CORS%20proxy%E2%80%9D%20option.%3C%2FP%3E%0A%3CP%3EOnce%20you%20click%20on%20the%20%E2%80%9CSend%E2%80%9D%20option%2C%20you%20would%20be%20asked%20to%20select%20the%20certificate%20that%20you%20would%20have%20already%20installed%20on%20your%20machine.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22praskuma_1-1593593997278.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202514iE624ED23FACF9C32%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22praskuma_1-1593593997278.png%22%20alt%3D%22praskuma_1-1593593997278.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CU%3ENote%3C%2FU%3E%20%E2%80%93%20This%20is%20the%20same%20certificate%20that%20you%20would%20have%20uploaded%20for%20your%20APIM%20service%20and%20added%20to%20the%20trusted%20list%20in%20the%20certificate%20store%20of%20your%20workstation.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22praskuma_0-1593593997268.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202513i975AD81247147FA3%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22praskuma_0-1593593997268.png%22%20alt%3D%22praskuma_0-1593593997268.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAfter%20successful%20authentication%20and%20request%20processing%2C%20you%20would%20receive%20the%20200%20OK%20response%20code.%20Upon%20maneuvering%20to%20the%20trace%20logs%2C%20you%20can%20also%20see%20the%20certificate%20thumbprint%20that%20was%20passed%20for%20authentication.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22praskuma_2-1593593997284.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202515iA280312F8AFF595E%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22praskuma_2-1593593997284.png%22%20alt%3D%22praskuma_2-1593593997284.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22praskuma_3-1593593997289.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202516i20D465A05677705F%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22praskuma_3-1593593997289.png%22%20alt%3D%22praskuma_3-1593593997289.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20inbound%20policy%20definition%20used%20for%20this%20setup%20is%20as%20below%3A%3C%2FP%3E%0A%3CP%3E(Kindly%20update%20the%20certificate%20thumbprint%20with%20your%20client%20certificate%20thumbprint)%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-json%22%3E%3CCODE%3E%3CCHOOSE%3E%0A%3CWHEN%20condition%3D%22%40(context.Request.Certificate%20%3D%3D%20null%20%7C%7C%20context.Request.Certificate.Thumbprint%20!%3D%20%22%20bf3d644c46099a9d7c073ec002312878b8f9b847%3D%22%22%3E%0A%3CRETURN-RESPONSE%3E%0A%3CSET-STATUS%20code%3D%22403%22%20reason%3D%22Invalid%20client%20certificate%22%3E%3C%2FSET-STATUS%3E%0A%3C%2FRETURN-RESPONSE%3E%0A%3C%2FWHEN%3E%0A%3C%2FCHOOSE%3E%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%20start%3D%222%22%3E%0A%3CLI%3E%3CSTRONG%3EThrough%20C%23%20or%20any%20other%20language%20that%20supports%20SDKs%3C%2FSTRONG%3E-%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3EWe%20can%20use%20the%20below%20sample%20C%23%20code%20block%20to%20authenticate%20API%20calls%20and%20perform%20API%20operations.%3C%2FP%3E%0A%3CP%3EKindly%20update%20the%20below%20highlighted%20values%20with%20your%20custom%20values%20before%20executing%20the%20sample%20code%20attached%20below%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EClient%20certificate%20Thumbprint%3C%2FSTRONG%3E%3A%20BF3D644C46099A9D7C073EC002312878B8F9B847%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ERequest%20URL%3C%2FSTRONG%3E%3A%20-ERR%3AREF-NOT-FOUND-%3CA%20href%3D%22https%3A%2F%2Ftestapicert.azure-api.net%2Fecho%2Fresource%3Fparam1%3Dsample%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftestapicert.azure-api.net%2Fecho%2Fresource%3Fparam1%3Dsample%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EOcp-Apim-Subscription-Key%3A%20%3C%2FSTRONG%3E4916bbaf0ab943d9a61e0b6cc21364d2%3C%2FP%3E%0A%3CP%3ESample%20C%23%20Code%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3Eusing%20System%3B%0Ausing%20System.IO%3B%0Ausing%20System.Net%3B%0Ausing%20System.Security.Cryptography.X509Certificates%3B%0A%0Anamespace%20CallRestAPIWithCert%0A%7B%0A%20%20%20%20class%20Program%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20static%20void%20Main()%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%2F%2F%20EDIT%20THIS%20TO%20MATCH%20YOUR%20CLIENT%20CERTIFICATE%3A%20the%20subject%20key%20identifier%20in%20hexadecimal.%0A%20%20%20%20%20%20%20%20%20%20%20%20string%20thumbprint%20%3D%20%22BF3D644C46099A9D7C073EC002312878B8F9B847%22%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20X509Store%20store%20%3D%20new%20X509Store(StoreName.My%2C%20StoreLocation.CurrentUser)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20store.Open(OpenFlags.ReadOnly)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20X509Certificate2Collection%20certificates%20%3D%20store.Certificates.Find(X509FindType.FindByThumbprint%2C%20thumbprint%2C%20false)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20X509Certificate2%20certificate%20%3D%20certificates%5B0%5D%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20System.Net.ServicePointManager.SecurityProtocol%20%3D%20SecurityProtocolType.Tls12%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20ServicePointManager.ServerCertificateValidationCallback%20%3D%20new%20System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications)%3B%0A%0A%20%20%20%20%20%20%20%20%20%20%20%20HttpWebRequest%20req%20%3D%20(HttpWebRequest)WebRequest.Create(%22https%3A%2F%2Ftestapicert.azure-api.net%2Fecho%2Fresource%3Fparam1%3Dsample%22)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20req.ClientCertificates.Add(certificate)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20req.Method%20%3D%20WebRequestMethods.Http.Get%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20req.Headers.Add(%22Ocp-Apim-Subscription-Key%22%2C%20%224916bbaf0ab943d9a61e0b6cc21364d2%22)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20req.Headers.Add(%22Ocp-Apim-Trace%22%2C%20%22true%22)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20Console.WriteLine(Program.CallAPIEmployee(req).ToString())%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20Console.WriteLine(certificates%5B0%5D.ToString())%3B%0A%0A%20%20%20%20%20%20%20%20%20%20%20%20Console.Read()%3B%0A%0A%20%20%20%20%20%20%20%20%7D%0A%0A%20%20%20%20%20%20%20%20public%20static%20string%20CallAPIEmployee(HttpWebRequest%20req)%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20var%20httpResponse%20%3D%20(HttpWebResponse)req.GetResponse()%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20using%20(var%20streamReader%20%3D%20new%20StreamReader(httpResponse.GetResponseStream()))%0A%20%20%20%20%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20return%20streamReader.ReadToEnd()%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%7D%0A%0A%20%20%20%20%20%20%20%20public%20static%20bool%20AcceptAllCertifications(object%20sender%2C%20X509Certificate%20certification%2C%20X509Chain%20chain%2C%20System.Net.Security.SslPolicyErrors%20sslPolicyErrors)%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20true%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%7D%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%20start%3D%223%22%3E%0A%3CLI%3E%3CSTRONG%3EThrough%20Postman%20or%20any%20other%20Http%20Client%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3ETo%20use%20client%20certificate%20for%20authentication%2C%20the%20certificate%20has%20to%20be%20added%20under%20PostMan%20first.%3C%2FP%3E%0A%3CP%3EManeuver%20to%20Settings%20%26gt%3B%26gt%3B%20Certificates%20option%20on%20PostMan%20and%20configure%20the%20below%20values%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EHost%3C%2FSTRONG%3E%3A%20testapicert.azure-api.net%20(%23%23%20Host%20name%20of%20your%20Request%20API)%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EPFX%20file%3C%2FSTRONG%3E%3A%20C%3A%5CUsers%5Cpraskuma%5CDownloads%5Cabc.pfx%20(%23%23%20Upload%20the%20same%20client%20certificate%20that%20was%20uploaded%20to%20APIM%20instance)%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EPassphrase%3C%2FSTRONG%3E%3A%20(%23%23%20Password%20of%20the%20client%20certificate)%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22praskuma_4-1593593997302.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202518i6EC3FB4201BE5736%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22praskuma_4-1593593997302.png%22%20alt%3D%22praskuma_4-1593593997302.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOnce%20the%20certificate%20is%20uploaded%20on%20PostMan%2C%20you%20can%20go%20ahead%20and%20invoke%20the%20API%20operation.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20need%20to%20add%20the%20Request%20URL%20in%20the%20address%20bar%20and%20also%20add%20the%20below%202%20mandatory%20headers%3A%3C%2FP%3E%0A%3CP%3EOcp-Apim-Subscription-Key%20%3A%204916bbaf0a43d9a61e0bsssccc21364d2%20(%23%23Add%20your%20subscription%20key)%3C%2FP%3E%0A%3CP%3EOcp-Apim-Trace%20%3A%20true%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOnce%20updated%2C%20you%20can%20send%20the%20API%20request%20and%20receive%20a%20%3CSTRONG%3E200%20OK%3C%2FSTRONG%3E%20response%20upon%20successful%20authentication%20and%20request%20processing.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22praskuma_5-1593593997312.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202517iC6A1B5F3656FA8B2%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22praskuma_5-1593593997312.png%22%20alt%3D%22praskuma_5-1593593997312.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20detailed%20trace%20logs%2C%20you%20can%20check%20the%20value%20for%20the%20output%20header%20-%20%3CSTRONG%3EOcp-Apim-Trace-Location%3C%2FSTRONG%3E%20and%20retrieve%20the%20trace%20logs%20from%20the%20generated%20URL.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22praskuma_6-1593593997320.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202519i067F40E13B3860BB%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22praskuma_6-1593593997320.png%22%20alt%3D%22praskuma_6-1593593997320.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1500941%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EAzure%20APIM%20%E2%80%93%20Validate%20API%20requests%20through%20Client%20Certificate%20using%20Portal%2C%20C%23%20code%20and%20Http%20Clients%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EClient%20certificates%20can%20be%20used%20to%20authenticate%20API%20requests%20made%20to%20APIs%20hosted%20using%20Azure%20APIM%20service.%20Detailed%20instructions%20for%20uploading%20client%20certificates%20to%20the%20portal%20can%20be%20found%20documented%20in%20the%20following%20article%20-%20-ERR%3AREF-NOT-FOUND-%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapi-management%2Fapi-management-howto-mutual-certificates-for-clients%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapi-management%2Fapi-management-howto-mutual-certificates-for-clients%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ESteps%20to%20authenticate%20the%20request%20%E2%80%93%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3E%3CSTRONG%3E%20Via%20Azure%20portal%20%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3EOnce%20we%20have%20setup%20the%20certificate%20authentication%20using%20the%20above%20article%2C%20we%20can%20test%20an%20operation%20for%20a%20sample%20API%20(Echo%20API%20in%20this%20case).%20Here%2C%20we%20have%20chosen%20a%20GET%20operation%20and%20selected%20the%20%E2%80%9CBypass%20CORS%20proxy%E2%80%9D%20option.%3C%2FP%3E%0A%3CP%3EOnce%20you%20click%20on%20the%20%E2%80%9CSend%E2%80%9D%20option%2C%20you%20would%20be%20asked%20to%20select%20the%20certificate%20that%20you%20would%20have%20already%20installed%20on%20your%20machine.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22praskuma_1-1593593997278.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202514iE624ED23FACF9C32%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22praskuma_1-1593593997278.png%22%20alt%3D%22praskuma_1-1593593997278.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENote%20%E2%80%93%20This%20is%20the%20same%20certificate%20that%20you%20would%20have%20uploaded%20for%20your%20APIM%20service%20and%20added%20to%20the%20trusted%20list%20in%20the%20certificate%20store%20of%20your%20workstation.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%20%26nbsp%3B%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22praskuma_0-1593593997268.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202513i975AD81247147FA3%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22praskuma_0-1593593997268.png%22%20alt%3D%22praskuma_0-1593593997268.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAfter%20successful%20authentication%20and%20request%20processing%2C%20you%20would%20receive%20the%20200%20OK%20response%20code.%20Upon%20maneuvering%20to%20the%20trace%20logs%2C%20you%20can%20also%20see%20the%20certificate%20thumbprint%20that%20was%20passed%20for%20authentication.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22praskuma_2-1593593997284.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202515iA280312F8AFF595E%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22praskuma_2-1593593997284.png%22%20alt%3D%22praskuma_2-1593593997284.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22praskuma_3-1593593997289.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202516i20D465A05677705F%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22praskuma_3-1593593997289.png%22%20alt%3D%22praskuma_3-1593593997289.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20inbound%20policy%20definition%20used%20for%20this%20setup%20is%20as%20below%3A%3C%2FP%3E%0A%3CP%3E(Kindly%20update%20the%20certificate%20thumbprint%20with%20your%20client%20certificate%20thumbprint)%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3Cpre%20class%3D%22lia-code-sample%20language-json%22%3E%3Ccode%3E%3CCHOOSE%3E%0A%3CWHEN%20condition%3D%22%40(context.Request.Certificate%20%3D%3D%20null%20%7C%7C%20context.Request.Certificate.Thumbprint%20!%3D%20%22%20bf3d644c46099a9d7c073ec002312878b8f9b847%3D%22%22%3E%0A%3CRETURN-RESPONSE%3E%0A%3CSET-STATUS%20code%3D%22403%22%20reason%3D%22Invalid%20client%20certificate%22%3E%3C%2FSET-STATUS%3E%0A%3C%2FRETURN-RESPONSE%3E%0A%3C%2FWHEN%3E%0A%3C%2FCHOOSE%3E%3C%2Fcode%3E%3C%2Fpre%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%20start%3D%222%22%3E%0A%3CLI%3E%3CSTRONG%3EThrough%20C%23%20or%20any%20other%20language%20that%20supports%20SDKs%3C%2FSTRONG%3E-%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20can%20use%20the%20below%20sample%20C%23%20code%20block%20to%20authenticate%20API%20calls%20and%20perform%20API%20operations.%3C%2FP%3E%0A%3CP%3EKindly%20update%20the%20below%20highlighted%20values%20with%20your%20custom%20values%20before%20executing%20the%20sample%20code%20attached%20below%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EClient%20certificate%20Thumbprint%3C%2FSTRONG%3E%3A%20BF3D644C46099A9D7C073EC002312878B8F9B847%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ERequest%20URL%3C%2FSTRONG%3E%3A%20-ERR%3AREF-NOT-FOUND-%3CA%20href%3D%22https%3A%2F%2Ftestapicert.azure-api.net%2Fecho%2Fresource%3Fparam1%3Dsample%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftestapicert.azure-api.net%2Fecho%2Fresource%3Fparam1%3Dsample%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EOcp-Apim-Subscription-Key%3A%20%3C%2FSTRONG%3E4916bbaf0ab943d9a61e0b6cc21364d2%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESample%20Code%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3Cpre%20class%3D%22lia-code-sample%20language-csharp%22%3E%3Ccode%3Eusing%20System%3B%0Ausing%20System.IO%3B%0Ausing%20System.Net%3B%0Ausing%20System.Security.Cryptography.X509Certificates%3B%0A%0Anamespace%20CallRestAPIWithCert%0A%7B%0A%20%20%20%20class%20Program%0A%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20static%20void%20Main()%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%2F%2F%20EDIT%20THIS%20TO%20MATCH%20YOUR%20CLIENT%20CERTIFICATE%3A%20the%20subject%20key%20identifier%20in%20hexadecimal.%0A%20%20%20%20%20%20%20%20%20%20%20%20string%20thumbprint%20%3D%20%22BF3D644C46099A9D7C073EC002312878B8F9B847%22%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20X509Store%20store%20%3D%20new%20X509Store(StoreName.My%2C%20StoreLocation.CurrentUser)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20store.Open(OpenFlags.ReadOnly)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20X509Certificate2Collection%20certificates%20%3D%20store.Certificates.Find(X509FindType.FindByThumbprint%2C%20thumbprint%2C%20false)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20X509Certificate2%20certificate%20%3D%20certificates%5B0%5D%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20System.Net.ServicePointManager.SecurityProtocol%20%3D%20SecurityProtocolType.Tls12%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20ServicePointManager.ServerCertificateValidationCallback%20%3D%20new%20System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications)%3B%0A%0A%20%20%20%20%20%20%20%20%20%20%20%20HttpWebRequest%20req%20%3D%20(HttpWebRequest)WebRequest.Create(%22https%3A%2F%2Ftestapicert.azure-api.net%2Fecho%2Fresource%3Fparam1%3Dsample%22)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20req.ClientCertificates.Add(certificate)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20req.Method%20%3D%20WebRequestMethods.Http.Get%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20req.Headers.Add(%22Ocp-Apim-Subscription-Key%22%2C%20%224916bbaf0ab943d9a61e0b6cc21364d2%22)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20req.Headers.Add(%22Ocp-Apim-Trace%22%2C%20%22true%22)%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20Console.WriteLine(Program.CallAPIEmployee(req).ToString())%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20Console.WriteLine(certificates%5B0%5D.ToString())%3B%0A%0A%20%20%20%20%20%20%20%20%20%20%20%20Console.Read()%3B%0A%0A%20%20%20%20%20%20%20%20%7D%0A%0A%20%20%20%20%20%20%20%20public%20static%20string%20CallAPIEmployee(HttpWebRequest%20req)%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20var%20httpResponse%20%3D%20(HttpWebResponse)req.GetResponse()%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20using%20(var%20streamReader%20%3D%20new%20StreamReader(httpResponse.GetResponseStream()))%0A%20%20%20%20%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20return%20streamReader.ReadToEnd()%3B%0A%20%20%20%20%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%20%20%20%20%7D%0A%0A%20%20%20%20%20%20%20%20public%20static%20bool%20AcceptAllCertifications(object%20sender%2C%20X509Certificate%20certification%2C%20X509Chain%20chain%2C%20System.Net.Security.SslPolicyErrors%20sslPolicyErrors)%0A%20%20%20%20%20%20%20%20%7B%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20true%3B%0A%20%20%20%20%20%20%20%20%7D%0A%20%20%20%20%7D%0A%7D%3C%2Fcode%3E%3C%2Fpre%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%20start%3D%223%22%3E%0A%3CLI%3E%3CSTRONG%3EThrough%20Postman%20or%20any%20other%20Http%20Client%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20use%20client%20certificate%20for%20authentication%2C%20the%20certificate%20has%20to%20be%20added%20under%20PostMan%20first.%3C%2FP%3E%0A%3CP%3EManeuver%20to%20Settings%20%26gt%3B%26gt%3B%20Certificates%20option%20on%20PostMan%20and%20configure%20the%20below%20values%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EHost%3C%2FSTRONG%3E%3A%20testapicert.azure-api.net%20(%23%23%20Host%20name%20of%20your%20Request%20API)%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EPFX%20file%3C%2FSTRONG%3E%3A%20C%3A%5CUsers%5Cpraskuma%5CDownloads%5Cabc.pfx%20(%23%23%20Upload%20the%20same%20client%20certificate%20that%20was%20uploaded%20to%20APIM%20instance)%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EPassphrase%3C%2FSTRONG%3E%3A%20(%23%23%20Password%20of%20the%20client%20certificate)%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22praskuma_4-1593593997302.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202518i6EC3FB4201BE5736%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22praskuma_4-1593593997302.png%22%20alt%3D%22praskuma_4-1593593997302.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOnce%20the%20certificate%20is%20uploaded%20on%20PostMan%2C%20you%20can%20go%20ahead%20and%20invoke%20the%20API%20operation.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20need%20to%20add%20the%20Request%20URL%20in%20the%20address%20bar%20and%20also%20add%20the%20below%202%20mandatory%20headers%3A%3C%2FP%3E%0A%3CP%3EOcp-Apim-Subscription-Key%20%3A%204916bbaf0a43d9a61e0bsssccc21364d2%20(%23%23Add%20your%20subscription%20key)%3C%2FP%3E%0A%3CP%3EOcp-Apim-Trace%20%3A%20true%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOnce%20updated%2C%20you%20can%20send%20the%20API%20request%20and%20receive%20a%20%3CSTRONG%3E200%20OK%3C%2FSTRONG%3E%20response%20upon%20successful%20authentication%20and%20request%20processing.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22praskuma_5-1593593997312.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202517iC6A1B5F3656FA8B2%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22praskuma_5-1593593997312.png%22%20alt%3D%22praskuma_5-1593593997312.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20detailed%20trace%20logs%2C%20you%20can%20check%20the%20value%20for%20the%20output%20header%20-%20%3CSTRONG%3EOcp-Apim-Trace-Location%3C%2FSTRONG%3E%20and%20retrieve%20the%20trace%20logs%20from%20the%20generated%20URL.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22praskuma_6-1593593997320.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F202519i067F40E13B3860BB%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22praskuma_6-1593593997320.png%22%20alt%3D%22praskuma_6-1593593997320.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1500941%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAPI%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAPIs%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAuthentication%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20API%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EC%20Sha%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ecertificate%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ehttp%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Epostman%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

Azure APIM – Validate API requests through Client Certificate using Portal, C# code and Http Clients

 

Client certificates can be used to authenticate API requests made to APIs hosted using Azure APIM service. Detailed instructions for uploading client certificates to the portal can be found documented in the following article - https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates-for-c...

 

Steps to authenticate the request –

 

  1. Via Azure portal

Once we have setup the certificate authentication using the above article, we can test an operation for a sample API (Echo API in this case). Here, we have chosen a GET operation and selected the “Bypass CORS proxy” option.

Once you click on the “Send” option, you would be asked to select the certificate that you would have already installed on your machine.

 

praskuma_1-1593593997278.png

 

Note – This is the same certificate that you would have uploaded for your APIM service and added to the trusted list in the certificate store of your workstation.

 

praskuma_0-1593593997268.png

 

After successful authentication and request processing, you would receive the 200 OK response code. Upon maneuvering to the trace logs, you can also see the certificate thumbprint that was passed for authentication.

 

praskuma_2-1593593997284.png

 

praskuma_3-1593593997289.png

 

The inbound policy definition used for this setup is as below:

(Kindly update the certificate thumbprint with your client certificate thumbprint)

 

 

 

 

<choose>
<when condition="@(context.Request.Certificate == null || context.Request.Certificate.Thumbprint != "BF3D644C46099A9D7C073EC002312878B8F9B847")">
<return-response>
<set-status code="403" reason="Invalid client certificate" />
</return-response>
</when>
</choose>

 

 

 

 

  1. Through C# or any other language that supports SDKs-

We can use the below sample C# code block to authenticate API calls and perform API operations.

Kindly update the below highlighted values with your custom values before executing the sample code attached below

 

Client certificate Thumbprint: BF3D644C46099A9D7C073EC002312878B8F9B847

Request URL: https://testapicert.azure-api.net/echo/resource?param1=sample

Ocp-Apim-Subscription-Key: 4916bbaf0ab943d9a61e0b6cc21364d2

Sample C# Code:

 

 

 

 

using System;
using System.IO;
using System.Net;
using System.Security.Cryptography.X509Certificates;

namespace CallRestAPIWithCert
{
    class Program
    {
        static void Main()
        {
            // EDIT THIS TO MATCH YOUR CLIENT CERTIFICATE: the subject key identifier in hexadecimal.
            string thumbprint = "BF3D644C46099A9D7C073EC002312878B8F9B847";
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            store.Open(OpenFlags.ReadOnly);
            X509Certificate2Collection certificates = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            X509Certificate2 certificate = certificates[0];
            System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
            ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications);

            HttpWebRequest req = (HttpWebRequest)WebRequest.Create("https://testapicert.azure-api.net/echo/resource?param1=sample");
            req.ClientCertificates.Add(certificate);
            req.Method = WebRequestMethods.Http.Get;
            req.Headers.Add("Ocp-Apim-Subscription-Key", "4916bbaf0ab943d9a61e0b6cc21364d2");
            req.Headers.Add("Ocp-Apim-Trace", "true");
            Console.WriteLine(Program.CallAPIEmployee(req).ToString());
            Console.WriteLine(certificates[0].ToString());

            Console.Read();

        }

        public static string CallAPIEmployee(HttpWebRequest req)
        {
            var httpResponse = (HttpWebResponse)req.GetResponse();
            using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
            {
                return streamReader.ReadToEnd();
            }
        }

        public static bool AcceptAllCertifications(object sender, X509Certificate certification, X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
        {
            return true;
        }
    }
}

 

 

 

 

 

 

  1. Through Postman or any other Http Client

To use client certificate for authentication, the certificate has to be added under PostMan first.

Maneuver to Settings >> Certificates option on PostMan and configure the below values:

 

Host: testapicert.azure-api.net (## Host name of your Request API)

PFX file: C:\Users\praskuma\Downloads\abc.pfx (## Upload the same client certificate that was uploaded to APIM instance)

Passphrase: (## Password of the client certificate)

 

praskuma_4-1593593997302.png

 

Once the certificate is uploaded on PostMan, you can go ahead and invoke the API operation.

 

You need to add the Request URL in the address bar and also add the below 2 mandatory headers:

Ocp-Apim-Subscription-Key : 4916bbaf0a43d9a61e0bsssccc21364d2 (##Add your subscription key)

Ocp-Apim-Trace : true

 

Once updated, you can send the API request and receive a 200 OK response upon successful authentication and request processing.

 

praskuma_5-1593593997312.png

 

 

For detailed trace logs, you can check the value for the output header - Ocp-Apim-Trace-Location and retrieve the trace logs from the generated URL.

 

praskuma_6-1593593997320.png