Question 105403 in Azure Question posted in
The official documentation to get you started can be found here.

Azure API Management – subscription key not being enforced

I have an Azure Function that I’m managing via Azure APIM. I have created a subsciption key for it, however it’s not being enforced. I’ve tested accessing it without the subscription key and it can still get a response. Any idea on how I can restrict it so that you have to pass the subscription key in order to get a response?

Here is proof of my active subscription key

enter image description here

And here if proof that I have Subscription Required enabled

enter image description here

Tags:

2

Answers


  1. 0

    Any idea on how I can restrict it so that you have to pass the subscription key in order to get a response?

    If the request is not made with the incorrect or missing the subscription key,

    on-error section should be executed from the policies .

    Example code for on-error in XML:

    <policies>  
<inbound>  </inbound>  
<backend>  </backend>  
<outbound> </outbound>  
<on-error>  
<!-- If there is an any error -->  
</on-error>  
</policies>

    As per the Microsoft Documentation, Predefined errors for built-in steps.

    From the pre-defined error conditions that can occur during the evaluation of built-in processing steps.

    Check it for either of the below options on authorization.

    • SubscriptionKeyNotFound: Access denied due to missing subscription key. Make sure to include subscription key when making
      requests to API.
    • SubscriptionKeyInvalid: Access denied due to invalid subscription key. Make sure to provide a valid key for an active
      subscription.

    Thanks @Vitaliy Kurokhtin, see this page for additional information.

    Login or Signup to reply.
  2. 0

    Able to get the message that subscription key is required for getting the response when testing the Function API that has added in the APIM Instance:

    enter image description here

    If we miss the subscription key passing in headers, it enforces to pass the subscription key for getting response:

    enter image description here

    If a subscription key is provided, then the result will be successful:
    enter image description here

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search