
WELCOME TO CLOUD MATTER

Roman Guoussev-Donskoi

Protect Azure API Management Basic Tier using OAuth 2.0

Microsoft provides the capability to protect Azure API Management using OAuth 2.0 with Azure Active Directory. Unfortunately, Microsoft states that Azure AD integration is only available in the Developer, Standard and Premium tiers of API Management (see "Protect an API by using OAuth 2.0 with Azure Active Directory and API Management").


This puts a significant price on using OAuth to protect API access: for example, at the moment the price of a Basic API Management instance is $0.26/hour, whereas Standard is almost 5 times higher ($1.21/hour).

But the "validate-jwt" policy in Azure API Management works to deliver OAuth protection on the Basic pricing tier as well.


Simply:

  1. Create an App registration in Azure Active Directory to represent your API Management instance.

  2. Add "validate-jwt" to the <inbound> section of the API policy (provide your Azure tenant ID and the client ID of the app registration you created).
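
A minimal policy for step 2, as an added example that is not taken from the original post. YOUR_TENANT_ID and YOUR_CLIENT_ID are placeholders, and it assumes the token's aud claim equals the client ID of the app registration (use the Application ID URI instead if that is what your tokens carry).

```xml
<!-- Added example: YOUR_TENANT_ID and YOUR_CLIENT_ID are placeholders, not values from the post -->
<policies>
    <inbound>
        <base />
        <!-- Reject the request with 401 unless the Authorization header carries
             a signed, unexpired bearer token -->
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      require-expiration-time="true"
                      require-signed-tokens="true"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
            <!-- Signing keys are read from the tenant's OpenID Connect metadata -->
            <openid-config url="https://login.microsoftonline.com/YOUR_TENANT_ID/.well-known/openid-configuration" />
            <!-- Accept only tokens issued for this app registration, so a token
                 minted for another application in the same tenant is refused
                 (assumption: aud equals the client ID) -->
            <audiences>
                <audience>YOUR_CLIENT_ID</audience>
            </audiences>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```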




Now, when accessing the API from the Azure API test page, Postman or your application:

Without a proper bearer token in the "Authorization" header we receive a 401 (Unauthorized) response.

But with a proper bearer token we get a successful response.




We have protected an Azure API Management Basic tier instance using OAuth, with significant cost savings compared to the Standard or Premium tiers.


Will do more testing before we put this into production and discuss with Microsoft, but it seems a definite option to consider. :)

Will publish more details soon.
