Support Subscription-key based authentication or OAUTH2 for APIM endpoint

Question

Support Subscription-key based authentication or OAUTH2 for APIM endpoint

ujjwalDev 46

Hi,

I have an APIM hosted api endpoint. I have two different clients. One client should access this api with just a subscription-key. Other client should access this with OUTH2 JWT. How can I achieve this on the policy.

If I disable the subscription-key required flag for the policy, how to achieve the subscription-key based access.

Thanks,
Ujjwal

MayankBargali-MSFT 71,016 Reputation points Moderator

2022-02-08T08:42:02.387+00:00

Hi @ujjwalDev

Following up to see if @Pramod Valavala answer helps. Do let us know if you have any queries.

Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

1 answer

Your answer

MayankBargali-MSFT 71,016 Reputation points Moderator

2022-02-08T08:42:02.387+00:00

Hi @ujjwalDev

Following up to see if @Pramod Valavala answer helps. Do let us know if you have any queries.

Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

Answer 1

@ujjwalDev Even if a subscription isn't required, when passed it is still parsed. So, you could use the choose statement to decide based on the header set like below

   <choose>  
       <when condition="@(context.Subscription?.Name != null)">  
           <!-- Subscription ID was present -->  
       </when>  
       <when condition="@(!String.IsNullOrWhiteSpace(context.Request.Headers.GetValueOrDefault("Authorization", "")))">  
           <!-- Authorization Header was present -->  
       </when>  
       <otherwise>  
           <!-- Neither was present -->  
       </otherwise>  
   </choose>

Share via

Support Subscription-key based authentication or OAUTH2 for APIM endpoint

1 answer

Your answer