Ocp-Apim-Subscription-Key for Service to Service calls

I want to require an Ocp-Apim-Subscription-Key when calling an API that is managed using Azure API Management. If I am calling the API from another API, what Ocp-Apim-Subscription-Key should I use? Do I need to set up a "User" in Azure API Management that represents the calling API and add that User to a Product that has access to my API? Seems silly to have to add a fake user that represents an unattended call to my API.

4 Replies
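Highlighted

This might be what you are after.

https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates

Highlighted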

That is a decent option; however, I'd prefer not to go that route. We have the services already set up with AAD authentication and I am moving them to APIM. I want to make the change as seamless as possible.

Highlighted

If you have already set up AD as an identity, I believe you should be able to use AD auth on the API.

We use Google here and have that as an option. I haven't tried on AD.

Highlighted

I can certainly not require the Subscription Key, but from my understanding, if an SK is not used you will lose all of your analytics with regard to that user's use of the API.