Tuesday, September 4, 2018

Access denied due to missing subscription key

To test a function app API which I put behind APIM, I copied the URL and tried to trigger a request using Postman, but got the following error:
access denied due to missing subscription key

Why it happened


Security is one of the basic features APIM offers: only authorized users can send requests to an API, unless access is explicitly allowed. Here the error returned by the APIM engine is about a missing Subscription Key, which is used to access the service (authorization).


Subscription Key - In APIM, each set of APIs is part of a Product, and users need to subscribe to that Product before they can access the APIs within it. The subscription has a primary and a secondary key, and one of these needs to be passed in the header of the request to APIM. This secures your API from being called by anyone without a subscription key.
This error occurs in either of the following scenarios:
  1. The API which is called is not part of any Product
  2. The request sent to the APIM URL does not have the subscription key in the header


For me it was the first case, where I had missed adding the API to a product.


What to do



The very first step is to add the API to a product, get the key, and add it to the header when making the call.
copy subscription key

Add key in header 



Requests without a key are stopped at the APIM gateway and never reach your API backend.
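The client side of this step, as an added example (not code from the original post): it sends the key in APIM's default `Ocp-Apim-Subscription-Key` header and interprets a 401 returned by the gateway. The function names and result labels are assumptions, and the sample response body is constructed from the error text quoted above.

```python
import json
import urllib.error
import urllib.request

# Default header APIM reads the subscription key from (configurable per API).
KEY_HEADER = "Ocp-Apim-Subscription-Key"


def build_headers(key=None):
    """Request headers; the key is attached only when one is supplied."""
    headers = {"Accept": "application/json"}
    if key:
        headers[KEY_HEADER] = key
    return headers


def call_api(url, headers):
    """Send a GET through the gateway and return (status, body), even on 4xx/5xx."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def diagnose(headers, status, body):
    """Map a gateway response onto a likely cause (labels are hypothetical)."""
    if status != 401:
        return "ok" if 200 <= status < 300 else "other-error"
    try:
        message = json.loads(body).get("message", "")
    except (ValueError, AttributeError):
        message = body  # non-JSON body: match on the raw text
    message = str(message).lower()
    sent_key = any(name.lower() == KEY_HEADER.lower() for name in headers)
    if "missing subscription key" in message:
        # Key header absent, or sent under a name the gateway does not read.
        return "header-name-mismatch" if sent_key else "no-key-sent"
    if "invalid subscription key" in message:
        return "key-rejected"
    return "unauthorized"


# Constructed sample of the gateway's 401 body, using the error text from the post.
SAMPLE_MISSING = json.dumps(
    {"statusCode": 401, "message": "Access denied due to missing subscription key"})
```

Pass the key to `build_headers` from a secret store or environment variable rather than hard-coding it in source.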


What if you want to allow public access to it? In that case, you simply uncheck the Remove Subscription option and can make calls without a key.
Adding new product in APIM

Below is the result of calling the API in Test Product without a subscription key through Postman


