Enable token authentication for Dapr requests
When Dapr is enabled for your application in Azure Container Apps, it injects the environment variable
APP_API_TOKEN into your app's container. Dapr includes the same token in all requests sent to your app, as either:
- An HTTP header (
- A gRPC metadata option (
The token is randomly generated and unique to each app and app revision. It can also change at any time. Your application should read the token from the
APP_API_TOKEN environment variable when it starts up to ensure that it's using the correct token.
You can use this token to authenticate that calls coming into your application are actually coming from the Dapr sidecar, even when listening on public endpoints.
- The daprd container reads and injects it into each call made from Dapr to your application.
- Your application can then use that token to validate that the request is coming from Dapr.
Authenticate requests from Dapr
If you're using a Dapr SDK, the SDK automatically validates the token in all incoming requests from Dapr and rejects calls that don't include the correct token. You don't need to perform any other action.
Incoming requests that don't include the token, or include an incorrect token, are rejected automatically.