I have an azure APIM with a custom domain and multiple APIs like shown in the screen shot below:-
Each of these APIs have several endpoints underneath them and all of them have the same host name. There is a Negotiate Client Certificate setting on the custom domain level, I only want to turn that setting on for one of these APIs and not for the other 3. Is that possible?
2
Answers
It depends on the APIM SKU. If your APIM is on Consumption tier, you can only enable/disable client certificate negotiation at the custom domain level. If your APIM is on Developer, Basic, Standard, or Premium tier then you can control this setting at endpoint level.
Reference is here
That is not possible, if it is enabled on the custom domain, all the connections through that custom domains will initiate a client certificate request.
It does not hurt if it is enabled for all the Apis, if the client ignores the certificate request, the call will not fail unless your api has a logic to validate the certificate and because of that, only have your certificate validation logic only at the Api level.
see this for more details Multiple APIs within Azure APIM with different authentication requirements