Basic auth format for subscription key authentication

Martin Kallukalam 440 Reputation points
2024-09-09T02:37:45.99+00:00

I wanted to see if it is possible to do this:

In Apigee, the client ID and client secret are sent as basic auth.

In APIM, I want to create a similar format.

Instead of Ocp-Apim-Subscription-Key as a header/query parameter,

I want to base64-encode subid:subkey and pass it in the request to the API.

The API inbound policy would parse and decode the subid and subkey into headers.

In API Subscription-Required: I add this header name.

Will this work?
I have a doubt if this will work because the inbound policies are applied after subscription key based authentication is evaluated. Any thoughts?

Azure API Management

Accepted answer
  1. JananiRamesh-MSFT 29,276 Reputation points
    2024-09-12T07:15:29.2633333+00:00

    @Martin Kallukalam Thanks for reaching out. In APIM, the subscription key authentication is evaluated before the inbound policies are applied. This means that if the subscription key is missing or invalid, the request will be rejected with a 401 Unauthorized response before any inbound policies are executed.

    Given this, the approach of encoding the subid:subkey and decoding it in the inbound policy won't work as intended.

    Instead, you might consider using a different authentication mechanism that allows for custom handling, such as OAuth 2.0 or JWT tokens, which can be processed within the inbound policies.

    https://learn.microsoft.com/en-us/azure/api-management/api-management-subscriptions

    Do let me know in case of further queries; I would be happy to assist you.

    1 person found this answer helpful.
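
The JWT alternative mentioned in the answer could look like the following inbound policy. This is an added example, not part of the original answer or Microsoft's own sample; it assumes the API's "Subscription required" setting is turned off so the request reaches the inbound section, and the metadata URL, audience and `X-Caller-Subject` header name are placeholders.

```xml
<policies>
    <inbound>
        <base />
        <!-- Reject the request with 401 unless it carries a valid bearer token. -->
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized"
                      output-token-variable-name="jwt">
            <!-- Placeholder URL: the token signing keys are read from this metadata. -->
            <openid-config url="https://idp.example.com/.well-known/openid-configuration" />
            <audiences>
                <!-- Placeholder audience: tokens issued for other APIs are refused. -->
                <audience>api://example-api</audience>
            </audiences>
        </validate-jwt>
        <!-- Pass the validated caller identity to the backend.
             "override" replaces any value the client supplied for this header. -->
        <set-header name="X-Caller-Subject" exists-action="override">
            <value>@(((Jwt)context.Variables["jwt"]).Subject)</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```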
