top of page

WELCOME TO CLOUD MATTER

Search
  • Writer's pictureRoman Guoussev-Donskoi

Protect Azure API Management Basic Tier using OAuth 2.0

Microsoft provides capability to protect Azure API Management using the OAuth 2.0 with Azure Active Directory. Unfortunately Microsoft states Azure AD integration is only available in Developer, Standard and Premium tiers of API Management. (Protect an API by using OAuth 2.0 with Azure Active Directory and API Management)


This brings significant price for the use of OAuth to protect API access (for example at the moment price of Basic API Management instance is $0.26/hour whereas Standard is almost 5 times higher ($1.21/hour)) .

But "validate-jwt" in Azure API Management policy works to deliver OAuth protection to Basic pricing tier as well.


Simply

  1. create App registration in Azure Active Directory to represent your API Management instance

  2. Add "validate-jwt" to <inbound> section of API policy (provide your Azure tenant id and client Id of app registration you created).




Now when accessing API from Azure API test page, postman or your application:

Without proper bearer token in "Authorization" header we will receive 401(unauthorized) response

But with proper bearer token we will get successful response.




We have protected Azure API Basic tier using OAuth with significant cost savings compared to Standard or Premium tiers.


Will do more testing before we put into production and discuss with Microsoft but seems a definite option to consider. :)

Will publish more details soon.

270 views0 comments

Recent Posts

See All

Databricks is an amazing platform for data engineering, data science and machine learning. One of the critical requirements of secure data processing is data audit - the ability to identity what data

SAS access to storage account is very convenient and easy and while Microsoft recommends that you use Azure AD credentials when possible as security best practice still SAS sometimes hard to avoid. Le

Home: Blog2

Subscribe

Home: GetSubscribers_Widget

CONTACT

Your details were sent successfully!

Computers
Home: Contact
bottom of page