I am trying to figure out Azure APIM. I am primarily using it to make Azure Functions to a domain name; all the endpoints are public facing and all use OAuth for authentication.
However, I am having a problem with the subscription key. My main question is: are they needed? My APIs work if I go into the settings and set "subscription key required" to false, but I can't get it to work by adding a policy on the inbound policy to add it:
<inbound>
    <base />
    <set-header name="Ocp-Apim-Subscription-Key" exists-action="override">
        <value>{{subscription-key}}</value>
    </set-header>
</inbound>
So do I need them? (I would like to get the policy to work regardless, just cos.) Any suggestions would be appreciated.
If you have disabled the subscription key required option in settings, then you don't need to pass Ocp-Apim-Subscription-Key while invoking any request.
{{subscription-key}} format is being used when you want to fetch the value of a Named value parameter subscription-key.
In APIM, header name Ocp-Apim-Subscription-Key is used for master subscription key which is shown below
Ocp-Apim-Subscription-Key is still being passed in the request header by default while testing the API operations in portal. You can validate it using the below policy and check the trace.
<policies>
    <inbound>
        <base />
        <check-header name="Ocp-Apim-Subscription-Key" failed-check-httpcode="200" failed-check-error-message="Ignore subscription key" />
    </inbound>
</policies>
Ocp-Apim-Subscription-Key key in request header explicitly if you are testing it outside of portal like in Postman when the subscription key required is set to false. If enabled then you need to provide the key in the request header.
Ocp-Apim-Subscription-Key key value when the subscription key required is set to false.
<policies>
    <inbound>
        <base />
        <set-header name="hasSubscriptionKey" exists-action="override">
            <value>@(context.Request.Headers.GetValueOrDefault("Ocp-Apim-Subscription-Key", ""))</value>
        </set-header>
    </inbound>
</policies>
Trace-
Or you can also use the below policy.
<policies>
    <inbound>
        <base />
        <set-header name="Ocp-Apim-Subscription-Key" exists-action="override">
            <value>@(context.Subscription.Key)</value>
        </set-header>
    </inbound>
</policies>
If the Subscription key required is set to true then you need to pass Ocp-Apim-Subscription-Key key explicitly while invoking the request URL. It is needed to provide an extra layer of security so that the user with key can only access the API.
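A null-safe variant of the policies above for an API where subscription key required is off, added here as an example and not part of the original answer. It assumes context.Subscription is null when the caller sent no key; X-Subscription-Name is a hypothetical header name chosen for illustration.

```xml
<policies>
    <inbound>
        <base />
        <choose>
            <!-- Assumption: context.Subscription is null when no key was sent,
                 so guard before reading its properties. -->
            <when condition="@(context.Subscription != null)">
                <!-- Pass the subscription's name (not its key) to the backend.
                     X-Subscription-Name is a hypothetical header name. -->
                <set-header name="X-Subscription-Name" exists-action="override">
                    <value>@(context.Subscription.Name)</value>
                </set-header>
            </when>
            <otherwise>
                <!-- Anonymous call: drop any client-supplied value so the
                     backend cannot be misled by a spoofed header. -->
                <set-header name="X-Subscription-Name" exists-action="delete" />
            </otherwise>
        </choose>
        <!-- Keep the key itself at the gateway instead of forwarding it
             to the backend with the rest of the request headers. -->
        <set-header name="Ocp-Apim-Subscription-Key" exists-action="delete" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

With this in place the backend sees which subscription made the call when a key was supplied, and sees no subscription header at all for calls made without one.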