I've created some API (azure function) in Azure API management, I would like to protect the access of these API with a JWT token.
I want to authorize identified clients applications to access to theses APIs.
My clients apllications are registered in my Azure AD with clients id and secrets. They all have access to my backend application, registered in the same AD with some scopes associated, that should represent my different APIs from my API managment. These steps are explained here :
I don't want in this scenario to identify the user connected but just to know that the application calling my api is the application registered in my AD with client and secret, I don't want to get access to user informations so I don't need any consent of policy.
When I'm using my client application to get my token, I have a redirection to agree policy, there is a way to use my AD to protect my API without these consent ?
I think this is quite simple but I can't found an easy solution.
Thanks for your help.