APIM Basic Auth then OAuth to Backend API

Stewart Joyce 0 Reputation points
2024-01-06T13:03:15.9666667+00:00

I have a legacy Client Application that will send Username and Password to my API Management instance, which will use Basic Authentication to authenticate the call.

I then want the API Management to get an OAuth Token from Microsoft Entra ID and call a Function App (System X API) with this OAuth Token.

Is this a valid scenario?


Azure API Management

1 answer

  1. Pinaki Ghatak 5,600 Reputation points Microsoft Employee Volunteer Moderator
    2024-01-06T15:31:42.3766667+00:00

    Hello @Stewart Joyce

    You have not provided enough information on what the client app type is and what the System X API is. But given the information, here are some steps you can take:

    1. Basic Authentication in API Management: Your client application can send the username and password to your API Management instance using Basic Authentication. This involves setting the HTTP Authorization header to the value corresponding to the credentials provided.
    2. Get an OAuth Token from Microsoft Entra ID: After the call is authenticated, your API Management instance can get an OAuth token from Microsoft Entra ID. This involves using the OAuth 2.0 authorization code flow. You'll need to register your application with Azure Active Directory, and then request an authorization token.
    3. Call a Function App with the OAuth Token: Once your API Management instance has the OAuth token, it can call the Function App (System X API) with this token. To do this, your Function App should be registered with Azure Active Directory. You'll need to add the API URL to the Authentication section of your app registration in Azure Active Directory.

    Please also note that this is a high-level overview and the exact steps may vary based on your specific setup and requirements. You may also need to handle additional considerations such as token expiration and refresh. I recommend checking the official Microsoft documentation and resources for more detailed guidance.

    1 person found this answer helpful.
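The three steps in the answer above, as one added example of an API Management inbound policy that implements them on the gateway side. This is example code written for this page, not code from the question, the answer, or Microsoft's documentation. It assumes three APIM named values that are hypothetical names: `legacy-client-user` and `legacy-client-password` (the password marked secret) holding the Basic credentials the legacy client must present, and `system-x-api-app-id` holding the client ID of the Function App's Entra ID app registration, whose Application ID URI is assumed to be `api://<that client ID>`. It also assumes the APIM instance has a system-assigned managed identity. For step 2 it uses the `authentication-managed-identity` policy, which requests the token with the client credentials grant under that identity; this is the non-interactive variant of the token request, since a gateway has no signed-in user to send through an authorization code redirect.

```xml
<policies>
    <inbound>
        <base />
        <!-- Step 1: the legacy client authenticates to APIM with HTTP Basic.
             AsBasic() returns null unless the header is a well-formed "Basic <base64>" value,
             so a missing or malformed header fails the check the same way a wrong password does.
             {{legacy-client-user}} and {{legacy-client-password}} are assumed named values. -->
        <choose>
            <when condition="@{
                var creds = context.Request.Headers.GetValueOrDefault("Authorization", "").AsBasic();
                return creds == null
                    || creds.UserId != "{{legacy-client-user}}"
                    || creds.Password != "{{legacy-client-password}}";
            }">
                <return-response>
                    <set-status code="401" reason="Unauthorized" />
                    <set-header name="WWW-Authenticate" exists-action="override">
                        <value>Basic realm="system-x-api"</value>
                    </set-header>
                </return-response>
            </when>
        </choose>
        <!-- Step 2: obtain an Entra ID access token for the Function App's app registration
             using APIM's own managed identity (client credentials grant, no user involved).
             {{system-x-api-app-id}} is an assumed named value holding that registration's client ID.
             With ignore-error="false" a failed token request stops the call instead of
             forwarding an unauthenticated request to the backend. -->
        <authentication-managed-identity resource="api://{{system-x-api-app-id}}"
                                         output-token-variable-name="msiToken"
                                         ignore-error="false" />
        <!-- Step 3: replace the client's Basic header with the bearer token before the request
             goes to the Function App, so the legacy password never leaves the gateway. -->
        <set-header name="Authorization" exists-action="override">
            <value>@("Bearer " + (string)context.Variables["msiToken"])</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

For this to work end to end, the Function App needs App Service Authentication enabled with the Microsoft Entra provider pointed at that app registration, so it accepts only bearer tokens issued for that audience; if you want it to accept tokens from this one APIM identity rather than from any caller that can obtain a token for the registration, define an app role on the registration and assign it to the APIM managed identity. Because Basic credentials are only base64-encoded, the legacy client must reach the APIM gateway over HTTPS only.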
