top of page


  • Writer's pictureRoman Guoussev-Donskoi

Azure API Management: access back-end securely with managed identity

A common challenge when building cloud applications is managing the credentials for authenticating to cloud services.

Luckily Azure provides simple and elegant solution to this issue - managed identities. (

For Azure API management one can configure managed identity to generate jwt tokens and access back-end App Services protected with Azure AD authentication. This provides secure access without having to store or manage any credentials.

Configure Back-end services Authentication

Ensure your back-end services are already configured for Azure AD authentication.

For Azure Functions and App Services something like below:

The important piece of Azure AD authentication that APIM will reference to create a jwt token for accessing back-end app is client ID.

For configuring back-end APIM access authentication (when you call another APIM from your APIM instance) please see Protect an API by using OAuth 2.0 with Azure Active Directory and API Management and Protect Azure API Management Basic Tier using OAuth 2.0

API Management identity

Configure API management identity is very simple just enable it in "Setting" APIM blade as below or specify in ARM template at API management creation time.

Configure API Policy

To access back-end services protected by Azure AD authentication use we use the authentication-managed-identity policy.

Example is below


You can validate (e.g. in Postman) that access function without a bearer token will return 401(unauthenticated).

If you add Authorization header with Bearer token you can see function has been accessed successfully.

Now time to test function access from API Management

1,492 views0 comments

Recent Posts

See All

Query SQL using OpenAI and Langchain

LLMs (such as OpenAI) are good for reasoning but they lack capability interface with outside world. This is where Langchain agents step in: agents provide LLMs with tools to perform actions (for examp


Home: Blog2


Home: GetSubscribers_Widget


Your details were sent successfully!

Home: Contact
bottom of page