0

I have two different APIs under the same Azure API Management. Both of them can be called using a subscription key (they are also under the same product).

One of the APIs actually calls the other sometimes, so it is currently sending the subscription key too in the call.

Is there a way to configure the APIs or APIM so that they can call each other without requiring this key? A way the APIM can recognize the service and allow the call with any mechanism?

EDIT

I want to keep the need for a key when external services call these APIs. I just want to enable, if possible, a mechanism in which APIs under the same APIM do not need to use the subscription key to call each other, because somehow the APIM recognizes them.

Illustrating what I need:

If my APIM has two APIs A and B:

  • If A calls B it does not need a subscription key
  • If B calls A it does not need a subscription key
  • If an external source X calls A or B it needs a subscription key or receives a 401 response
Juan Francisco Porto
  • 51
  • 5
  • can you share the code please? – Ikhtesam Afrin Jun 05 '23 at 04:04
  • I don't have access to the code, i'm just administrating these APIs through Azure API Management. That's why I was wondering whether I could configure it (either with policies or something else) to allow APIs to call each other without needing to send a key. Then the developer would adjust their code, if needed. – Juan Francisco Porto Jun 05 '23 at 15:06

1 Answers1

0

You can configure the APIs in APIM to call each other without sending subscription key as follows-

Navigate to the respective product-

enter image description here

Uncheck and save

enter image description here

Navigate to the API where you don't want to pass the subscription key, uncheck the subscription key required option and save

enter image description here

Output-

enter image description here

You can refer to this SO Question as well.

Ikhtesam Afrin
  • 897
  • 1
  • 1
  • 6
  • Thanks for your reply. Whilst this indeed removes the need for a subscription key, this makes it so that anyone can call them without said key. My specific need is that, anything from outside the APIM should need the key to call, but services registered inside the APIM shouldn´t need it (which i don't know if is possible). I will edit my question to make this clarification. – Juan Francisco Porto Jun 06 '23 at 12:35
  • Please open a separate thread by providing details/configuration settings about how API A calls API B internally within the same APIM instance which will be easier to help. – Ikhtesam Afrin Jun 07 '23 at 06:30
  • I have not accepted ahe solution because it has not helped. – Juan Francisco Porto Jun 15 '23 at 11:47