Calling webapi from another webapi both protected by b2c

Question

I have 2 webapis and an angular application. All protected by azure b2c. Angular application calls a web api that then calls the other web api. What are my options for webapi webapi call. how can i access the token for scopes?

Answer 1

Hi @Praveen U (PUU) ,

To call one web API from another web API, both protected by Azure AD B2C, you can follow these steps:

1. Register both web APIs in Azure AD B2C: Register each web API as an application in your Azure AD B2C tenant, and configure their respective scopes.
2. Grant permissions: Grant the first web API (the one called by the Angular app) permissions to access the second web API's scopes.
3. Acquire an access token: When the Angular app calls the first web API, it should include an access token in the request. The first web API can then use this token to request another access token with the required scopes for the second web API.

Call the second web API: The first web API can now call the second web API using the acquired access token. Include the access token in the Authorization header of the request to the second web API.

Here's a high-level overview of the process:

1. Angular app acquires an access token for the first web API's scopes.
2. Angular app calls the first web API with the access token.
3. First web API acquires an access token for the second web API's scopes using the received token.
4. First web API calls the second web API with the new access token.

If you've already begun the process and are stuck please let me know how I can help. Please let me know if you have any questions and I can help you further.

If this answer helps you please mark "Accept Answer" so other users can reference it.

Thank you,

James