Roman Guoussev-Donskoi

Azure API Management: access back-end securely with managed identity

A common challenge when building cloud applications is managing the credentials for authenticating to cloud services.


Luckily, Azure provides a simple and elegant solution to this issue: managed identities.


For Azure API Management, one can configure a managed identity to generate JWT tokens and access back-end App Services protected with Azure AD authentication. This provides secure access without having to store or manage any credentials.


Configure Back-end services Authentication

Ensure your back-end services are already configured for Azure AD authentication.

For Azure Functions and App Services something like below:


The important piece of the Azure AD authentication configuration is the client ID: APIM references it when creating a JWT token for accessing the back-end app.



To configure authentication for back-end APIM access (when you call another APIM instance from your APIM instance), please see "Protect an API by using OAuth 2.0 with Azure Active Directory and API Management" and "Protect Azure API Management Basic Tier using OAuth 2.0".


API Management identity

Configuring the API Management identity is very simple: just enable it in the "Setting" APIM blade as below, or specify it in the ARM template at API Management creation time.


Configure API Policy

To access back-end services protected by Azure AD authentication, we use the authentication-managed-identity policy.


Example is below
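
A minimal policy of this kind, written here as an added example and not taken from the original post. The GUID in `resource` is a placeholder for the client ID of the Azure AD application that protects the back-end.

```xml
<policies>
    <inbound>
        <base />
        <!-- APIM uses its managed identity to request a token from Azure AD
             for the resource below and forwards it to the back-end in the
             Authorization header using the Bearer scheme. -->
        <!-- Placeholder value: replace with the back-end's Azure AD client ID. -->
        <authentication-managed-identity resource="00000000-0000-0000-0000-000000000000" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

No secret appears anywhere in the policy: the only value it carries is the client ID, which identifies the target application and is not a credential.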


Test

You can validate (e.g. in Postman) that accessing the function without a bearer token returns 401 (unauthenticated).

If you add an Authorization header with a Bearer token, you can see that the function has been accessed successfully.


Now it is time to test function access from API Management.












