I have an Azure Function that I'm managing via Azure APIM. I have created a subsciption key for it, however it's not being enforced. I've tested accessing it without the subscription key and it can still get a response. Any idea on how I can restrict it so that you have to pass the subscription key in order to get a response?
Here is proof of my active subscription key
And here if proof that I have Subscription Required enabled
CodePudding user response:
Any idea on how I can restrict it so that you have to pass the subscription key in order to get a response?
If the request is not made with the incorrect or missing the subscription key,
on-error
section should be executed from the policies
.
Example code for on-error in XML:
<policies>
<inbound> </inbound>
<backend> </backend>
<outbound> </outbound>
<on-error>
<!-- If there is an any error -->
</on-error>
</policies>
As per the Microsoft Documentation, Predefined errors for built-in steps.
From the pre-defined error conditions that can occur during the evaluation of built-in processing steps.
Check it for either of the below options on authorization
.
SubscriptionKeyNotFound
: Access denied due to missing subscription key. Make sure to include subscription key when making requests to API.SubscriptionKeyInvalid
: Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription.
Thanks @Vitaliy Kurokhtin
, see this page for additional information.
CodePudding user response:
Able to get the message that subscription key is required for getting the response when testing the Function API that has added in the APIM Instance:
(https://i.imgur.com/J9kPCaJ.png)
If we miss the subscription key passing in headers, it enforces to pass the subscription key for getting response: (https://i.imgur.com/jgZUMvX.png)
If a subscription key is provided, then the result will be successful: