Nice and straight-to-the-point video, though I have a small comment. Yes, I can research the net to get the full curl syntax, but do you really think it's more important to watch you talk than to see the command? You could've moved your frame a little to show the whole command! Thanks anyways, it's a helpful video.
Great introduction! How does the API manager know how to authenticate with the registered APIs? I didn't see any option to enter API keys in that form...
Nice video, great explanation. Should the APIs for internal consumption also be in the APIM? Where should the internal APIs be in order to be managed? Thank you!
Great video. Thanks! I am not familiar, but will the same primary key also be used and put in the header when the client or frontend web makes an API request? Would that primary key be exposed to a hacker? Thanks
Yes. The PK is part of every request as a query parameter or as a header. Having said that, subscription keys should not be seen as a security barrier as they easily can be exploited. I see them more as a way to control what APIs can be accessed by your "nice" API consumers. A bad API consumer might get past APIM which makes additional security preventions super important.
@svenmalvik I appreciate your fast response. For the frontend web app and backend API app scenario, should the backend API expect a bearer token (via AAD) + subscription key from the frontend web app? Because of this combination of bearer token and subscription key, is it more secure than just using the subscription key? I am a newbie to all of these.
Facing an issue when providing the HTTP request of Power Automate to wrap the flow: { "error": { "code": "DirectApiAuthorizationRequired", "message": "The request must be authenticated only by Shared Access scheme." } } I even set the Authorization header as delete. Please kindly provide me inputs if you have any.