Securing an endpoint on Azure API Management so that only an app (no login) can call it

Time:09-26

I am developing an Android app that doesn't require any login to use it. This app will call an endpoint on Azure API Management that I have created.

Is it possible to ensure that only that client (app) is able to call the API? I have tried this tutorial but it seems to require the users to authenticate on Active Directory.

CodePudding user response:

If you're using OAuth and tokens to access your API you might want to have a look at the client credentials. It's a flow where the client (your app) authenticates and gets an access token, without any user interaction. In a mobile environment you will need to dynamically register each installation of your app, so that each app has its own secret. You can't use one secret and compile it into your code as anyone will be able to steal it. If DCR is too much for you, you can use some kind of proxy - have your app talk to a backend service, which in turn will talk to the OAuth server. Such a backend service can keep a secret and use it to obtain client credentials tokens.
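A working model of the proxy approach described in the answer above, added here as an example; it is not code from the original post, from Azure API Management, or from any Microsoft SDK. The token endpoint URL, the scope, the client ID and the secret are constructed placeholders, and `token_endpoint` is an in-process stand-in for the authorization server so the script runs offline; in a deployment the proxy's `post` callback would be a real HTTP POST to the tenant's token endpoint. The point it demonstrates is the one the answer makes: the secret lives only in the backend proxy, the app sends nothing secret, and the proxy obtains and caches client-credentials tokens before forwarding calls to the API.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode

# Constructed registration data (hypothetical names). The secret exists only in
# the backend proxy process, never in the Android package.
TOKEN_ENDPOINT = "https://login.example.test/oauth2/v2.0/token"
SCOPE = "api://my-apim-backend/.default"
REGISTERED_CLIENTS = {"backend-proxy": "server-side-secret-never-shipped"}
TOKEN_TTL = 3600  # seconds


def build_token_request(client_id: str, client_secret: str, scope: str) -> str:
    """Form body a confidential client POSTs to the token endpoint (RFC 6749, 4.4)."""
    return urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    })


_issued = {}  # access_token -> expiry; stands in for the authorization server's state


def token_endpoint(body: str, now=time.time) -> dict:
    """Simulated authorization server: validates the client secret, mints a token."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form.get("grant_type") != "client_credentials":
        return {"error": "unsupported_grant_type"}
    expected = REGISTERED_CLIENTS.get(form.get("client_id", ""))
    # Constant-time comparison so the check leaks nothing about the secret.
    if expected is None or not hmac.compare_digest(expected, form.get("client_secret", "")):
        return {"error": "invalid_client"}
    token = secrets.token_urlsafe(32)
    _issued[token] = now() + TOKEN_TTL
    return {"access_token": token, "token_type": "Bearer", "expires_in": TOKEN_TTL}


def resource_server_accepts(authorization: str, now=time.time) -> bool:
    """What the API (or a policy in front of it) checks before serving a call."""
    if not authorization.startswith("Bearer "):
        return False
    expiry = _issued.get(authorization[len("Bearer "):])
    return expiry is not None and now() < expiry


class BackendProxy:
    """Server-side component the mobile app talks to. It alone holds the secret,
    fetches client-credentials tokens, caches them until shortly before expiry,
    and attaches them to the calls it forwards to the API."""

    def __init__(self, client_id, client_secret, post=token_endpoint, now=time.time):
        self._client_id = client_id
        self._client_secret = client_secret
        self._post = post  # in production: HTTP POST of the form body to TOKEN_ENDPOINT
        self._now = now
        self._token = None
        self._expires_at = 0.0
        self.token_requests = 0  # how many times the proxy went to the token endpoint

    def _access_token(self) -> str:
        # Refresh 60 s early so a forwarded call never carries a token about to expire.
        if self._token is not None and self._now() < self._expires_at - 60:
            return self._token
        resp = self._post(build_token_request(self._client_id, self._client_secret, SCOPE))
        self.token_requests += 1
        if "access_token" not in resp:
            raise RuntimeError(f"token request failed: {resp.get('error')}")
        self._token = resp["access_token"]
        self._expires_at = self._now() + resp["expires_in"]
        return self._token

    def forward(self, path: str) -> dict:
        """Handle an unauthenticated app request by calling the API with our token."""
        return {"path": path,
                "headers": {"Authorization": f"Bearer {self._access_token()}"}}


if __name__ == "__main__":
    proxy = BackendProxy("backend-proxy", REGISTERED_CLIENTS["backend-proxy"])
    call = proxy.forward("/orders")
    print(call["path"], resource_server_accepts(call["headers"]["Authorization"]))
```

Because the app never holds the secret, an attacker who unpacks the APK gets nothing that lets them mint tokens; what they can still do is call the proxy itself, so the proxy is where rate limiting, abuse detection or per-installation registration has to live.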
