I want to securely link Azure Api Management (APIM) with a Azure API App. How to give the certificate to APIM is well documented however I cannot find a description of how to provide a certificate to the API App. I know how to do it to a regular API (azurewebsite) with the portal but can you upload a certificate to an API App and and use mutual certificate authentication with an API App?
4
votes
Currently I don't think Azure API App supports the mutual cert scenario. Please double check with the Azure API App team here: social.msdn.microsoft.com/Forums/azure/en-US/…
- Miao Jiang
@MiaoJiang In the article social.msdn.microsoft.com/Forums/azure/en-US/… there is a link to kefalidis.me/2015/06/…. This states that API App itselft does not have to be secured because API Managemetn does that. But how I then can avoid that someone just goes to my API App URL directly?
- Alexander Schmidt
2 Answers
0
votes
Azure API Gateway to the backend API can be secured using certificates. Once the backend API is configured for certificate based authentication, you can configure the respective API in the API portal. In the Design blade of the respective API in API managment portal, select client certificate option to configure. You can view the details steps in the Azure documentation https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-mutual-certificates
-3
votes
I don't have a solution for this but a workaround that might be interesting for you. I made a webcast.
