Authorization from APIM to access the APIs

sonal khatri 46 Reputation points


I have a backend API which is protected under APIM. I can access the API by sending a valid access token with the request.

I am using the Authorization feature of APIM, and I have an Inbound Policy. But when I send the request to the API, I receive an error that the token has expired.
Using this, I am not able to automatically acquire a token when it expires.

Could you please let me know how I can achieve new token acquisition upon expiry?

    <inbound>
        <base />
        <!-- Fetch the token held by the configured authorization -->
        <get-authorization-context provider-id="github-01" authorization-id="auth-01" context-variable-name="auth-context" identity-type="managed" ignore-error="false" />
        <set-header name="Authorization" exists-action="override">
            <value>@("Bearer " + ((Authorization)context.Variables.GetValueOrDefault("auth-context"))?.AccessToken)</value>
        </set-header>
        <rewrite-uri template="@(context.Request.Url.Query.GetValueOrDefault("username",""))" copy-unmatched-params="false" />
        <set-header name="User-Agent" exists-action="override">
            <value>API Management</value>
        </set-header>
    </inbound>

1 answer

  1. MuthuKumaranMurugaachari-MSFT 22,256 Reputation points

    sonal khatri, thanks for posting your question in Microsoft Q&A. When you use the Authorizations feature, there are two tokens involved, i.e., a refresh token and an access token. If the access token is expired (or near expiry), APIM uses the refresh token to fetch a new access token and a new refresh token from the identity provider automatically. But if the refresh token is expired, then the authorization has to be reauthorized. In that case, it will throw an error (depends on how ignore-error is configured).

    Based on the statement above, it looks like the refresh token is expired and you need to reauthorize the authorization (go to the Authorizations tab in the portal to reauthorize). Check out the FAQ on this, "When are the access tokens refreshed?", and the flow, "Process flow for runtime".

    This feature is currently in preview and if you have any feedback, please submit it via this form. We appreciate your feedback, and it really helps to improve the features. I hope this helps with your question, and let me know if you have any other questions.

    If you found the answer to your question helpful, please take a moment to mark it as "Yes" for others to benefit from your experience. Or simply add a comment tagging me and I would be happy to answer your questions.

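The answer notes that what happens when the refresh token has expired depends on `ignore-error`. As an added example (not part of the original thread or of Microsoft's answer), the policy below sets `ignore-error="true"`, so the context variable is null when no token can be obtained, and fails closed with an explicit response instead of forwarding an empty `Bearer` header. The 502 status and the JSON body are assumptions chosen for illustration; the provider and authorization ids are the ones from the question.

```xml
<policies>
    <inbound>
        <base />
        <!-- With ignore-error="true", a failed token acquisition (for example an
             expired refresh token) sets the context variable to null instead of
             failing the policy. -->
        <get-authorization-context provider-id="github-01" authorization-id="auth-01" context-variable-name="auth-context" identity-type="managed" ignore-error="true" />
        <choose>
            <!-- Fail closed: never call the backend without a token. -->
            <when condition="@(context.Variables.GetValueOrDefault("auth-context") == null)">
                <return-response>
                    <!-- Status code and body are illustrative assumptions. -->
                    <set-status code="502" reason="Bad Gateway" />
                    <set-header name="Content-Type" exists-action="override">
                        <value>application/json</value>
                    </set-header>
                    <!-- Keep the message generic: no provider or authorization ids. -->
                    <set-body>{"error":"authorization_unavailable","detail":"The backend authorization must be reauthorized by an administrator."}</set-body>
                </return-response>
            </when>
        </choose>
        <!-- Reached only when a token was returned. -->
        <set-header name="Authorization" exists-action="override">
            <value>@("Bearer " + ((Authorization)context.Variables.GetValueOrDefault("auth-context")).AccessToken)</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Alerting on this distinct response separates an authorization that needs reauthorizing from a genuine backend failure.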