how to add cors for apim using powershell

Sreekanth Gandla 0 Reputation points
2023-02-07T09:29:26.75+00:00

i need to add Allowed origins, Allowed headers and Allowed methods for apim using powersledd and below is my code.

az apim api import --resource-group "$apimresourcegroup" --service-name "$apimname" --path "$apimapiurlsuffix" --api-id "$apiid" --subscription-required false --display-name "$apidisplayname" --description "$apidisplayname" --specification-url "$functionappswaggerurl" --specification-format OpenApi --service-url "$surl" --subscription-required "false"

please, production issue

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,783 questions
Microsoft Configuration Manager Deployment
Microsoft Configuration Manager Deployment
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Deployment: The process of delivering, assembling, and maintaining a particular version of a software system at a site.
907 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,099 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Monalla-MSFT 11,961 Reputation points
    2023-02-07T18:56:40.32+00:00

    @Sreekanth Gandla - Welcome to Microsoft Q&A and thanks for reaching out to us.

    In order to add CORS for APIM using PowerShell, you can use the following command Set-AzApiManagementCors.

    Please see the below command to add allowed origins, allowed headers and allowed methods. 

    # Connect to your Azure subscription
 Connect-AzAccount 

# Set the variables for your APIM and RG 

$apimServiceName = "myapimservice" $resourceGroupName = "myresourcegroup" 

# Add allowed origins, allowed headers and allowed methods 
$allowedOrigins = "https://example.com" $allowedHeaders = "Content-Type, Authorization" $allowedMethods = "GET, POST, PUT, DELETE" 

Set-AzApiManagementCors -ResourceGroupName $resourceGroupName -ServiceName $apimServiceName -AllowedOrigins $allowedOrigins -AllowedHeaders $allowedHeaders -AllowedMethods $allowedMethods

    Hope this helps. and please feel free to reach out if you have any further questions.

    If the above response was helpful, please feel free to "Accept as Answer" or click "Yes" so it can be beneficial to the community.

  2. MuthuKumaranMurugaachari-MSFT 22,151 Reputation points
    2023-02-09T15:33:52.1666667+00:00

    Sreekanth Gandla Thank you for posting your question in Microsoft Q&A. Based on my understanding, currently you are importing API through PowerShell with above command and would like to apply CORS with Allowed origins, Allowed headers and Allowed methods etc.

    CORS is applied through cors policy and can be applied at global, product, API or operation scope. Here is official doc reference: https://learn.microsoft.com/en-us/azure/api-management/cors-policy to check for more details.

    I understand you would like to apply this policy through PowerShell and use Set-AzApiManagementPolicy command (https://learn.microsoft.com/en-us/powershell/module/az.apimanagement/set-azapimanagementpolicy?view=azps-9.4.0) for that.

    Here is the sample policy snippet (to apply at product) from doc:

    $apimContext = New-AzApiManagementContext -ResourceGroupName "rgName" -ServiceName "apimName"
$PolicyString = '<policies>
    <inbound>
        <base />
        <cors allow-credentials="true">
            <allowed-origins>
                <!-- Localhost useful for development -->
                <origin>http://localhost:8080/</origin>
                <origin>http://example.com/</origin>
            </allowed-origins>
            <allowed-methods preflight-result-max-age="300">
                <method>GET</method>
                <method>POST</method>
                <method>PATCH</method>
                <method>DELETE</method>
            </allowed-methods>
            <allowed-headers>
                <!-- Examples below show Azure Mobile Services headers -->
                <header>x-zumo-installation-id</header>
                <header>x-zumo-application</header>
                <header>x-zumo-version</header>
                <header>x-zumo-auth</header>
                <header>content-type</header>
                <header>accept</header>
            </allowed-headers>
            <expose-headers>
                <!-- Examples below show Azure Mobile Services headers -->
                <header>x-zumo-installation-id</header>
                <header>x-zumo-application</header>
            </expose-headers>
        </cors>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>'
Set-AzApiManagementPolicy -Context $apimContext -Format "application/vnd.ms-azure-apim.policy.raw+xml" -ProductId "starter" -Policy $PolicyString

    You can refer doc to apply the policy at different scopes based on your need. But please note that whole policy snippet has to be included in the snippet (not just CORS) otherwise it may override other existing policy at that scope.

    I hope this answers your question and feel free to add a comment for any other questions. Would be happy to answer if any. Please accept as "Yes" if the answer is helpful, so that it can help others in the community.