API Management - Subscription Key Persisting

Question

Our team has been using the API Management service for an existing API that uses an API subscription key. It has worked fine on that existing subscription. I began trying to setup a new Product-based subscription key for giving access to an external client that should only have access to a single endpoint. Unfortunately, I was unable to get the service to only select one endpoint to allow access. As a result, I cancelled the subscription key, but it did not revoke access. So, I deleted the key, but the access remained, so I deleted the product, but that didn't work either. I read the documentation, and it says all I should have needed was to cancel the subscription key.

Once I am able to revoke access to this non-existent key I will move onto working out how to create a restricted-access subscription.

Answer 1

Hi Nelson, Greetings! Welcome to Microsoft Q&A forum. Thank you for posting this question here.You're right; cancelling the subscription key should have revoked access to the API. However, since that isn't the case for you, could you verify that

• API is configured to require a subscription?
• The API isn't a part of any open product (Products that don't have 'Require subscription' setting turned on.

If it's not configured this way, it can be accessed without any subscription key, or with a key that doesn't belong to any product, including cancelled or deleted subscription keys; but it can't be accessed with a subscription key that belongs to a product not associated with the API.