Jan 01 2018 01:17 PM
Jan 01 2018 01:17 PM
I want to require a Ocp-Apim-Subscription-Key when calling an API that is managed using Azure API Management. If I am calling the API from another API, what Ocp-Apim-Subscription-Key should I use? Do I need to set up a "User" in Azure API Management that represents the calling API and add that User to a Product that has access to my API? Seems silly to have to add a fake user that represents an unattended call to my API.
Jan 02 2018 07:24 PM
this might be what you are after.
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates
Jan 03 2018 05:06 AM
That is a decent option, however I'd prefer not to go that route. We have the services already setup with AAD authentication and I am moving them to APIM. I want to make the change as seamless as possible.
Jan 03 2018 04:30 PM
if you have already setup AD as an identity i believe you should be able to use AD auth on the api.
we use google here and have that as an option. I haven't tried on AD.
Jan 04 2018 05:49 AM
I can certainly not require the Subscription Key, but from my understanding, if a SK is not used you will lose all of your analytics with regards to that user's use of the API.