B2C pass custom header to REST API

Question

B2C pass custom header to REST API

Vikas Tiwari 771

Could you please help me to find documentation or sample custom profile example where I can find way to pass custom header to REST API?

In my case we are calling REST API to validate user credentials and REST API is secured through API key, in order to make successful calls I need to pass following header:

"X-API-Key" : "API KEY VALUE"

Another details I wanted to check if there is anyway to automate this behavior, for example: If I store my API key in key-vault can I get it from key vault and add it into custom policy header, so that key rotation scenario will be handled automatically?

Thanks for your help.

Accepted answer

1 additional answer

Your answer

Answer 1

AmanpreetSingh-MSFT 56,866 Moderator

Hi @Vikas Tiwari ·

Please refer to the example below:

<TechnicalProfile Id="RestApi">  
    <DisplayName>Restful Open Source Claims Provider</DisplayName>  
    <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />  
    <Metadata>  
        <Item Key="ServiceUrl">http://myapi.example.com/api/User/formbody</Item>  
        <Item Key="AuthenticationType">ApiKeyHeader</Item>  
    </Metadata>  
    <CryptographicKeys>  
        <Key Id="x-api-key" StorageReferenceId="KeyIdInStorage" />  
    </CryptographicKeys>  
</TechnicalProfile>

The key here is "AuthenticationType" and the CryptographicKey Id= which sets the header key. Let me know if it helps.

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Vikas Tiwari 771 Reputation points

2020-08-19T22:32:20.063+00:00

Perfect @AmanpreetSingh-MSFT Its working I have validated through API call.

Just wondering if there is any option to upload this key in policy key container through key-vault, that way it will be easy to implement key rotation automatically.

Thanks for your help on this.
AmanpreetSingh-MSFT 56,866 Reputation points Moderator

2020-08-20T09:58:29.317+00:00

@Vikas Tiwari As of now we can't fetch B2C policy keys from Key Vault. B2C requires policy keys to be stored in Policy Keys container within B2C only.
Vikas Tiwari 771 Reputation points

2020-08-20T13:54:33.077+00:00

Thanks @AmanpreetSingh-MSFT I will keep note of it.

Answer 2

Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Moderator

You can send all the input claims as headers setting the Metadata\SendClaimsIn element value to Header.

Vikas Tiwari 771 Reputation points

2020-08-12T19:53:22.03+00:00

Thanks @alfredo-revilla-msft I am sending my claims in header using the way you have described. But I wanted to send few more details which is not part of my claim but only header specific information. for example in my case I need to send X-API-Key in header which is not part of my claim but will be used to authenticate request.
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator

2020-08-12T22:46:21.717+00:00

@Vikas Tiwari currently that's not supported but you can voice your interest in such feature in the Azure Active Directory feedback forum.

Share via

B2C pass custom header to REST API

1 additional answer

Your answer