I am starting with the Azure function in which I am creating API Function. After creating that function, I need to protect it.

Previously, I used the Microsoft.Identity.Platform to protect API's recourses, in which I created a registration in Azure AD for API, exposed the scopes, added the client apps in the list to provide access to the resources. Furthemore, it required to confirmation for 'API permission' in client app's Azure AD registration.

So, is there anything similar can I do, and do you think it would be a good option or if there are other options to pick from?

I read about the function key, but I read it is good for development not good for production.

CodePudding user response：

I read about the function key, but I read it is good for development not good for production.

As you can see in this

And more information on securing APIs using APIM Instance is given in the above Microsoft Documentation.

Authorization keys are a default security mechanism which is better if keys not published in public applications or publicly shared.

For better security mechanism, choose different options for the production environment. the other ways should be followed from the above-mentioned comment and refer to MS Q&A Forum 801055 provided the same by the user @LohithGN.