1
votes

I am using Azure API Management for my API.
In my API APP, I have one endpoint which requires JWT verification.
I am trying to add the Authorization directly using the API Management, as shown in the following diagram.

However, when I add the Bearer Authorization directly and save it, it disappears when I reopen the OpenAPI Specification.
Am I adding it in the correct place, or should it go somewhere else?

BEARER token which I am trying to add:

  Bearer:
    type: apiKey
    name: Authorization
    in: header
1
Although it is pretty much achieved using the validate-jwt policy, couldn't we specify it explicitly using the Swagger/OpenAPI spec? - CoderX

1 Answer

0
votes

There are only a few ways at the moment that you can use to control the securityDefinitions and security properties:

  1. Including/excluding the API from an Open product makes the subscription key optional. If the API is included only in Open product(s), then the whole securityDefinition and security properties will be missing. If both - apiKey security definitions will be created and an empty object should be present in security to show that they're optional.

  2. Registering an OAuth/OpenID server and assigning it to the API renders the corresponding content inside the securityDefinitions and security properties. It also shows controls to developers to obtain tokens in the console on the dev portal to make test API calls. Mind that the APIM service at this point still does not obtain a token for the user, nor does it validate it. Associating an OAuth/OpenID server with an API is purely a documentation thing.
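
The comment on the question mentions the validate-jwt policy, and the answer notes that what appears in securityDefinitions is documentation only. As an added example (not part of the original question or answer), this is an inbound policy that makes API Management actually reject requests without a valid bearer token. The OpenID configuration URL, issuer and audience are placeholder assumptions to be replaced with your identity provider's values.

```xml
<policies>
    <inbound>
        <base />
        <!-- Enforcement lives in policy, not in the OpenAPI securityDefinitions.
             Requests without a valid token are rejected here with 401 and
             never reach the backend API App. -->
        <validate-jwt header-name="Authorization"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized"
                      require-scheme="Bearer"
                      require-expiration-time="true"
                      require-signed-tokens="true">
            <!-- Placeholder URL (assumption): signing keys are fetched from the
                 identity provider's OpenID Connect metadata document. -->
            <openid-config url="https://login.example.com/.well-known/openid-configuration" />
            <!-- Placeholder audience (assumption): the token must be issued for this API. -->
            <audiences>
                <audience>api://example-api</audience>
            </audiences>
            <!-- Placeholder issuer (assumption): tokens from other issuers are refused. -->
            <issuers>
                <issuer>https://login.example.com/</issuer>
            </issuers>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Applying the policy at the operation scope limits the check to the one endpoint that requires JWT verification; pinning both audience and issuer keeps a correctly signed token minted for a different API from being accepted.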