skip to Main Content

What’s the difference between the Microsoft.ApiManagement/service/portalsettings and Microsoft.ApiManagement/service/portalconfigs resources of Azure API Management?

I want to deploy some Azure API Management Developer Portal configuration using Bicep. One of items is to remove the ‘Username and password’ Identity Provider because we’re going to use Microsoft Entra Id. But I’m not sure what to use.

I’ve removed the Identity Provider manually and noticed that both the enabled property in the portalsettings resource (name signup) is set to false and that the enableBasicAuth property in the portalconfigs resource is set to false.

I couldn’t find anything in the documentation that explains the difference between the two resources.

2

Answers


  1. Chosen as BEST ANSWER

    I did a couple of test deployments and they actually seem to overlap and influence eachother.

    For example:

    • If you enable the enableBasicAuth property in the portalconfigs, you also enable the portalsettings with name signup and vice versa.
    • If you set the terms of service text via the portalsettings resource, you also configure the terms of service text in the portalconfigs resource and vice versa.

    So deploying the following bicep will update the portalsettings resources and also the portalconfigs resource:

    resource portalsettingsSignin 'Microsoft.ApiManagement/service/portalsettings@2022-08-01' = {
      name: 'signin'
      parent: apimService
      properties: {
        enabled: true // also changes /portalconfigs/properties/signin/require
      }
    }
    
    resource portalsettingsSignup 'Microsoft.ApiManagement/service/portalsettings@2022-08-01' = {
      name: 'signup'
      parent: apimService
      properties: {
        enabled: true // also changes /portalconfigs/properties/enableBasicAuth
        termsOfService: {
          consentRequired: true // also changes /portalconfigs/properties/signup/termsOfService/requireConsent
          text: 'My Terms of Service' // also changes /portalconfigs/properties/signup/termsOfService/text
          enabled: false  // doesn't seem to change anything in /portalconfigs
        }
      }
    }
    

    And the following Bicep has the same effect as the sample above:

    resource protalconfigs 'Microsoft.ApiManagement/service/portalconfigs@2022-08-01' = {
      name: 'default'
      parent: apimService
      properties: {
        enableBasicAuth: true
        signin: {
          require: true
        }
        signup: {
          termsOfService: {
            requireConsent: true
            text: 'My Terms of Service'
          }
        }
      }
    }
    

  2. Yes, there is a slight difference between PortalSettings and PortalConfigs in Azure Api Management service.

    Microsoft.ApiManagement/service/portalsettings:

    This mainly focusses on the user account management part like sign in and login features on the developer portal, enabling or disabling the ability for users to sign up and controlling the available methods for user authentication, such as Azure AD etc.

    Microsoft.ApiManagement/service/portalconfigs:

    This manages overall the configuration options on the developer portal and focusses on the authentication like enableBasicAuth.

    Also, this resource provider can be used to set up the disabling of basic authentication, typically done when transitioning to alternative authentication methods. (Your scenario)

    Noticed that both the enabled property in the portalsettings resource (name signup) is set to false and that the enableBasicAuth property in the portalconfigs resource is set to false:

    The above observation is correct.

    • Setting enabled to false in portalsettings ( signup) disables user sign-up through the developer portal.
    • Setting enableBasicAuth to false in portalconfigs disables basic authentication.

    I tried below sample bicep code execution for Portal Settings (user related) behavior and was succeeded as shown.

    resource apima 'Microsoft.ApiManagement/service@2023-05-01-preview' existing= {
    name: 'xxxapimgmt'
    }
    resource sett 'Microsoft.ApiManagement/service/portalsettings@2023-05-01-preview' = {
      name: 'signin'
      parent: apima
      properties: {
        enabled: true
      }
    }
    

    enter image description here

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search