How to Restrict API Access to Assigned Products and Users in API Management?

Question

How to Restrict API Access to Assigned Products and Users in API Management?

hampton123 1,175

In APIM I assigned a specific API to a product, and users can only access this API in the developer portal if they are assigned the product in APIM. The issue is that when I call this API through Postman, the call still goes through. Is there a way to only allow users in APIM who have been assigned the API's product to call the API?

Accepted answer

0 additional answers

Your answer

Answer 1

Pramod Valavala 20,656 Microsoft Employee Moderator

@hampton123 When creating a product in APIM, there is an option to toggle requiring a subscription as shown below User's image

This creates a protected product, which requires subscription and a different key that developers can use to call its APIs. If this is not checked, then it is an open product as mentioned in the docs and can be called by developers' existing subscription key.

These open products are not listed in the developer portal as such, but will need to be protected by other authentication mechanisms and policies, as mentioned in the docs.

hampton123 1,175 Reputation points

2023-09-26T17:54:40.5433333+00:00

Hi Pramod Valavala, thank you for your response! Also thank you for your assistance on my previous posts.

So with making the product require a subscription, this makes the subscription key required in Postman calls, correct? And then with the creation of this protected product, if my API is assigned to this product then it is immediately inaccessible unless users provide the subscription key?
Pramod Valavala 20,656 Reputation points Microsoft Employee Moderator

2023-10-02T14:56:24.1733333+00:00

@hampton123 Yes. That is correct.
hampton123 1,175 Reputation points

2023-10-02T15:24:42.32+00:00

Thank you for your help, Pramod Valavala :)

Share via

How to Restrict API Access to Assigned Products and Users in API Management?

0 additional answers

Your answer