01-01-2018 01:17 PM
01-01-2018 01:17 PM
I want to require a Ocp-Apim-Subscription-Key when calling an API that is managed using Azure API Management. If I am calling the API from another API, what Ocp-Apim-Subscription-Key should I use? Do I need to set up a "User" in Azure API Management that represents the calling API and add that User to a Product that has access to my API? Seems silly to have to add a fake user that represents an unattended call to my API.
01-02-2018 07:24 PM
this might be what you are after.
https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates
01-03-2018 05:06 AM
That is a decent option, however I'd prefer not to go that route. We have the services already setup with AAD authentication and I am moving them to APIM. I want to make the change as seamless as possible.
01-03-2018 04:30 PM
if you have already setup AD as an identity i believe you should be able to use AD auth on the api.
we use google here and have that as an option. I haven't tried on AD.
01-04-2018 05:49 AM
I can certainly not require the Subscription Key, but from my understanding, if a SK is not used you will lose all of your analytics with regards to that user's use of the API.