Is it possible to pass subscription specific parameters to backend API called?

Christian Witschel 11 Reputation points
2020-07-11T19:13:38.597+00:00

I am using Azure API Management. I have created an API (based on a logic app), a product and a subscription.

Just to be clear about wording: subscriber/caller -> calls API Management -> calls backend API (my logic app)

The backend API is generic. It does a lookup of sales order history. It requires a customer id to show that customer's orders only. The relationship between customer and subscription is intended as 1:1. However, I don't want subscribers to see other subscribers' data. I thought I could set a fixed parameter (e.g. customer id) to each subscription to be passed on to the backend API on any call by the API Management. However, I do not see any such feature.

Or how can I limit the call to the backend API (logic app) to only show subscriber specific data? Somehow the backend API has to differentiate between subscriptions. Any idea?

Azure API Management

1 answer

  1. Pramod Valavala 20,596 Reputation points Microsoft Employee
    2020-07-13T03:37:48.07+00:00

    When an API is called using a subscription key, you can access specific information about the subscription via context.Subscription in your policy expressions. The context.Subscription.Id would be the ideal choice to leverage considering it would be unique for each subscription. You would however require a mapping between this ID and any ID you may have for your own system to identify customers.

    You could also use the context.User properties if subscriptions to your API are tied to a user account.

    Alternatively, if you'd prefer, you could protect your APIs using OAuth 2.0. This way you could extract customer details after validating the JWT and pass the same to your backend (or the token itself if required).

    2 people found this answer helpful.
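An inbound policy along the lines of the answer above, as an added example that is not part of the original thread or taken from Microsoft's samples. The header name `X-Subscription-Id` and the query parameter name `customerId` are assumptions; the backend (the logic app) is assumed to hold the subscription-to-customer mapping and to ignore any customer id that does not come from this header.

```xml
<policies>
    <inbound>
        <base />
        <!-- Defensive check: fail closed if the request reached this policy
             without a subscription (e.g. the product does not require one). -->
        <choose>
            <when condition="@(context.Subscription == null)">
                <return-response>
                    <set-status code="401" reason="Subscription required" />
                </return-response>
            </when>
        </choose>
        <!-- Remove any customerId the caller supplied in the query string,
             so the backend never sees a caller-chosen customer
             (parameter name is an assumption). -->
        <set-query-parameter name="customerId" exists-action="delete" />
        <!-- Take the identity from gateway context, not from the request.
             exists-action="override" replaces a header of the same name
             sent by the caller (header name is an assumption). -->
        <set-header name="X-Subscription-Id" exists-action="override">
            <value>@(context.Subscription.Id)</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

The isolation only holds if the logic app is reachable solely through API Management; a caller who can reach the backend directly can set the header to any value.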