1

We have Azure APIM exposing API for angular application. But it seems that there is no way to secure the subscription key for public APIs. So what is the best way to expose the API for angular application? Is there quick way to expose the API with same definition but through API app or any other azure feature?

-Rajesh

Rajesh
  • 301
  • 3
  • 8

1 Answers1

0

When you test the API from the Azure portal, you might notice that you can select a subscription key that is sent with the test as in below image. This key authorizes you need to use the API as per default, the API is protected and can't be used without authorization.

enter image description here

There are many option available to encrypt and decrypt subscription key. You need to encrypt the subscription key and store it an encrypted form in Web.config.` Before invoking the API you need to Decrypt it at runtime to get its actual value from within the code.

For more information Please Refer the below links:-

.Azure API Managment.

. Create an API| MS DOC.

.Creating on-premise API using Azure API management

AjayKumarGhose
  • 4,257
  • 2
  • 4
  • 15
  • Thanks Ajay, for your response. The issue is passing the subscription key from client side .i.e from angular application. As you mentioned before calling the API we need to decrypt the subscription and then call the API, so in this case, subscription key will be visible in developer tools. – Rajesh Sep 07 '21 at 19:33
  • Could you please refer this https://stackoverflow.com/questions/57111256/azure-api-management-how-to-secure-subscription-key – AjayKumarGhose Sep 10 '21 at 08:09