Limit access by subscriptions in the Developer Portal

Yves Schelpe (KdG) 1 Reputation point
2022-11-24T12:38:50.65+00:00

We'd like to limit the scope of what a user can see by their subscription(s) in the Developer Portal; now everyone is able to see APIs and test them out. This doesn't feel like the way to go for us. Is there an alternative way to couple what is tightly configured in "APIs" (via subscriptions and products) to the Developer Portal? Now it seems they're not able to be used in the widgets for authentication etc.

Thanks
Yves

Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.

1 answer

  1. JananiRamesh-MSFT 23,566 Reputation points
    2022-11-24T13:31:24.673+00:00

    Hi @Yves Schelpe (KdG), thanks for reaching out. To control API visibility in the portal you can use Groups (https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-create-groups). All users are members of the Developers group.

    To restrict the visibility of an API, add it to a new 'restricted' product. Remove the Developers group from that product. Add a new 'restricted' group to the product. Add the users who should have access to the API to the 'restricted' group. Those developers and no others will now see the API in the portal and be able to subscribe through the 'restricted' product.

    If a user has access to a product, then they can see the APIs in that product. This includes viewing the documentation on the developer portal and seeing the API name in the list of APIs. If the product requires a subscription, then they cannot CALL the API until they are subscribed to that product. AFAIK there isn't any way to prevent the user from SEEING the API based on whether they are subscribed to the product.

    Note: group membership is actually irrelevant to whether a user can be subscribed to a product. Groups are only relevant to the developer portal. A subscription can still be created by the administrator or someone with the correct RBAC permissions for a user that doesn't have access to a product through a group. If a user is subscribed to a product they will be able to see it and its APIs in the portal even if they aren't in a group that has access to the product.

    Do let me know if you have any queries.

    Please 'Accept as answer' and 'Upvote' if it helped so that it can help others in the community looking for help on similar topics.

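Added example, not part of the original thread and not Microsoft's code: a small Python audit that applies the visibility rules from the answer above (group access or an existing subscription lets a user see an API; only a subscription lets them call it) to an inventory of products, groups and subscriptions. The inventory, the user names and the data layout are constructed for illustration, and every product is assumed to require a subscription.

```python
# Constructed, simplified inventory for illustration; not an APIM export format.
PRODUCTS = {  # product id -> APIs it contains and groups granted visibility
    "starter":    {"apis": {"echo"},    "groups": {"developers"}},
    "restricted": {"apis": {"payroll"}, "groups": {"restricted"}},
}
USER_GROUPS = {  # every user is a member of the built-in Developers group
    "alice": {"developers", "restricted"},
    "bob":   {"developers"},
    "carol": {"developers"},
    "dave":  {"developers", "restricted"},
}
SUBSCRIPTIONS = {  # user -> products subscribed to
    "alice": {"restricted"},
    "carol": {"restricted"},  # created by an administrator, no group access
}

def group_products(user):
    """Products the user reaches through group membership."""
    groups = USER_GROUPS.get(user, set())
    return {p for p, cfg in PRODUCTS.items() if cfg["groups"] & groups}

def subscribed_products(user):
    """Products the user holds a subscription for."""
    return SUBSCRIPTIONS.get(user, set()) & PRODUCTS.keys()

def apis_of(products):
    return {api for p in products for api in PRODUCTS[p]["apis"]}

def can_see(user):
    """Portal visibility: group access OR an existing subscription."""
    return apis_of(group_products(user) | subscribed_products(user))

def can_call(user):
    """Calling needs a subscription (all products here require one)."""
    return apis_of(subscribed_products(user))

def audit():
    """Flag the two cases the answer calls out, as sorted (user, api, finding)."""
    findings = []
    for user in USER_GROUPS:
        for api in can_see(user) - can_call(user):
            findings.append((user, api, "visible-without-subscription"))
        for api in apis_of(subscribed_products(user) - group_products(user)):
            findings.append((user, api, "subscribed-outside-group"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit():
        print(*finding, sep="\t")
```

In this sample, `bob` never sees `payroll`, `dave` sees it without being able to call it, and `carol` sees and calls it through an administrator-created subscription even though she is not in the 'restricted' group.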