question

Steve-6498 asked MayankBargali-MSFT edited

API Manager policy to handle WebHook Secret

Can someone point me to some document where I can handle a webhook secret from a 3rd party into an API POST which has been set up on the Azure API Manager?

azure-api-management

@Steve-6498 Thanks for reaching out. Can you please confirm that my understanding is correct and that you are talking about Azure APIM?
Client calling the Azure APIM APIs --> APIM (need to pass the client secret from APIM to backend) --> Backend (webhook endpoint)

Steve-6498 MayankBargali-MSFT ·

Client has an application which has a webhook which is triggered when a new booking is entered. Thus I was thinking something like this.


Client webhook calls the Azure APIM API --> APIM should validate the secret configured on the client-side webhook and then pass it to the backend, which is a LogicApp.

Let me know.
Steve



1 Answer

MayankBargali-MSFT answered MayankBargali-MSFT edited

@Steve-6498 Just to reconfirm my understanding: you are passing the secret from the client to APIM and want APIM to validate whether the secret is valid or not before passing it to your backend service, the logic app.
If this is the case, then you need to have a custom service that validates this for you, with some mapping at your end of different clients with their respective secrets. From APIM you can leverage the SendRequest policy to call your custom service to validate it. In case you have few clients, then you do this mapping and store it leveraging the name values. The mapping should be the product keys that you are providing to your client to call the APIM APIs with the respective secrets.


This is exactly what I am trying to do. Currently there are only a few clients I need to support, so name values looks like it might work for this use case. Eventually, if this requirement grows to expand to more secret methods, I will move it to the SendRequest policy.

Thanks for giving me the direction I needed.
Steve


@Steve-6498 Thanks for your response. Glad to know it helped. I have converted my comment to answer. Feel free to 'Accept as Answer' so that it can help others in the community looking for help on similar topics.

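The named-values approach from the answer above, sketched as an APIM policy. This is an added example, not part of the original thread. The header name `X-Webhook-Secret`, the subscription names `client-a` / `client-b`, and the named values `client-a-webhook-secret` / `client-b-webhook-secret` are assumptions; substitute whatever the third party actually sends and whatever you have defined in your instance.

```xml
<policies>
    <inbound>
        <base />
        <!-- Assumption: the webhook sender puts its shared secret in the
             X-Webhook-Secret header and calls with its own subscription key. -->
        <!-- Assumption: one secret named value per client exists in APIM.
             {{...}} is substituted into the policy text, so the stored secret
             must not contain a double quote or backslash. -->
        <set-variable name="webhookSecretValid" value="@{
            string presented = context.Request.Headers.GetValueOrDefault("X-Webhook-Secret", "");
            string client = context.Subscription?.Name ?? "";
            // Map the calling subscription to the secret expected for that client.
            string expected =
                client == "client-a" ? "{{client-a-webhook-secret}}" :
                client == "client-b" ? "{{client-b-webhook-secret}}" : "";
            // Unknown client, missing header, or mismatch all fail closed.
            return expected.Length > 0 && presented == expected;
        }" />
        <choose>
            <when condition="@(!context.Variables.GetValueOrDefault<bool>("webhookSecretValid"))">
                <return-response>
                    <set-status code="401" reason="Unauthorized" />
                </return-response>
            </when>
        </choose>
        <!-- The Logic App backend does not need the secret, so drop it
             before the request is forwarded. -->
        <set-header name="X-Webhook-Secret" exists-action="delete" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Each new client needs another branch in the mapping and another named value, which is the point at which moving the lookup behind a SendRequest call to a validation service, as the answer suggests, becomes the easier option.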