I have a policy on all my operations in Azure API Management to validate a JWT Token and extract the sub Claim, which I store in a userId variable that can be used in other policies. I have an operation called Organization Add that calls an Azure Function to add an organization to the database….
I use Postman for testing my API calls to Azure API Management. In each of my requests I need to pass a Ocp-Apim-Subscription-Key header. In this header I provide my subscription key for my API provided by Azure API Management. Normally I would do this for each request. What if I need to change the…
With all that is going on with COVID-19 and the impact that it is having on retailers, I took a couple of days and wrote a curb-side app that would allow customers to notify a retailer, or any vendor for that matter, that they had arrived to pick-up their order. Please note, this is an…
In previous article we looked at how to secure an Azure Function with Azure API Management, in an effort to only allow resources within the Azure tenant access. Could the same thing be done with a Web Api hosted in App Services? Surprisingly, it was just as easy to implement. You setup Express Auth through…
In this article I want to revisit securing an Azure Function so that it cannot be called directly, but can be called by Azure API Management. To do this, I am going to leverage Managed Identities and make use of this in my API Management policy. I know I could do this with IP white…
