Hi @Vijay Akula Thanks for reaching out. You can't do that, because the narrower subscription level(scope) is the API/User level.
There are two solutions, add a policy on the operation level to check against the subscription but that is inefficient and dirty for the following reasons:
- You will need to keep track all the subscription keys values (removed, added, regenerated...etc).
- All the other polices precedes the checking policy will be executed before the request is denied.
- If you decide to change the subscription key header name, you will have to go through all the checking policies and modify them. The other solutions which is cleaner is to put those operations that require subscriptions in a separate api that requires subscription
please let me know incase of further queries, I would be glad to help.
Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.