API in APIM?

Jhon Bustamante 90 Reputation points
2023-06-09T20:31:33.3766667+00:00

When I host an API in APIM, the authentication and authorization lie in APIM. Should I set authentication and authorization again on the API backend?

Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.


Answer accepted by question author
  1. MayankBargali-MSFT 71,001 Reputation points Moderator
    2023-06-12T06:00:26.26+00:00

    @Anonymous Thanks for reaching out.

    When you host an API in Azure API Management (APIM), the authentication and authorization can be handled by APIM itself. APIM provides a number of authentication and authorization policies that you can use to secure your API, such as OAuth2, JWT, and Basic Authentication.

    If you have already configured authentication and authorization policies in APIM, you do not need to configure them again on the API backend. APIM will handle the authentication and authorization for incoming requests and forward the requests to the API backend with the appropriate credentials. Make sure that your backend is only accessible using APIM.

    However, if you have additional security requirements that are not supported by APIM, you may need to configure additional authentication and authorization policies on the API backend. For example, if you need to use client certificates to authenticate requests, you may need to configure the API backend to accept and validate client certificates.

    In general, it is recommended to handle authentication and authorization at the edge of your system, such as in APIM, rather than in the API backend. This allows you to centralize the security policies and provides a consistent security model for all APIs hosted in APIM.

    Feel free to get back to me if you have any queries or concerns.

    Please "Accept Answer" if the answer is helpful so that it can help others in the community.
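
The pattern the answer describes (authenticate and authorize at APIM, then forward the request to the backend with its own credential) can be expressed as an APIM policy. This is an added example, not part of the original answer or Microsoft's own configuration. It assumes Microsoft Entra ID as the token issuer and an APIM instance with a managed identity; the tenant ID, application IDs and the `Orders.Read` scope are placeholders.

```xml
<!-- Added example: API-level policy. All IDs and the scope name are placeholders. -->
<policies>
  <inbound>
    <base />
    <!-- Authentication at the edge: reject calls without a valid, signed,
         unexpired bearer token from the assumed issuer. -->
    <validate-jwt header-name="Authorization"
                  failed-validation-httpcode="401"
                  failed-validation-error-message="Unauthorized"
                  require-expiration-time="true"
                  require-scheme="Bearer"
                  require-signed-tokens="true">
      <openid-config url="https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/v2.0/.well-known/openid-configuration" />
      <audiences>
        <audience>api://GATEWAY_API_APP_ID_PLACEHOLDER</audience>
      </audiences>
      <!-- Authorization at the edge: the caller must hold the assumed scope. -->
      <required-claims>
        <claim name="scp" match="any" separator=" ">
          <value>Orders.Read</value>
        </claim>
      </required-claims>
    </validate-jwt>
    <!-- Forward with APIM's own credential: the Authorization header is replaced
         by a token issued to the APIM managed identity for the backend app. -->
    <authentication-managed-identity resource="api://BACKEND_APP_ID_PLACEHOLDER" />
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

With this in place the backend only needs to accept tokens whose audience is the backend app and whose caller is the APIM identity, or be reachable only from APIM's network, so that it cannot be called directly around the gateway.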

