Protect an API in Azure API Management using OAuth - Step-by-Step Tutorial

Подписаться 2,2 тыс.

Просмотров 20 тыс.

50% 1

This comprehensive step-by-step tutorial demonstrates how to protect your APIs in Azure API Management using OAuth. OAuth is an open standard for authorization that enables secure access to your APIs without sharing user credentials. By integrating OAuth with Azure API Management, you can ensure that your API is accessible only to authorized users and applications.
📌 Timestamps:
00:00 - Introduction and Context
01:14 - OAuth Flow and Demo outline
01:51 - Demo
API Management Tutorial - • What is Azure API Mana...
Come and say Hi!
🌏 My Blog - srigunnala.com/
✅ LinkedIn - / srikanthg. .
☕Say Thank You! - www.buymeacoffee.com/srigunnala
Don't forget to like, share, and subscribe to stay up to date with the latest Azure and .NET tutorials!
#AzureAPIManagement #OAuth #APIsecurity

Наука

Опубликовано:

31 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 30

@merovingian8853 11 месяцев назад

Perfect! Loved the fact this this has clear explanation of what is being registered in AD and why. Thanks! helped me in setting up APIM.

@srigunnala 11 месяцев назад

I am glad you found it helpful! Cheers, Sri!

@bartleyrob 10 месяцев назад

very to the point thanks !

@satyakarri9277 4 месяца назад

Great video. Thanks for spending time to put it together.

@mannyb4265 2 месяца назад

Very good guide. Thank you.

@KrisMeister Год назад

This was quick but good. I have used Oauth plenty as a developer, but have never setup it up with Azure.

@dheeraj0076 Год назад

short and sweet demo with precise steps. Thank you :)

@srigunnala Год назад

I am gland you liked it. Thanks, Sri!

@stergiazotali2282 7 месяцев назад

Sweet and short! It helped me resolved my task!!

@srigunnala 7 месяцев назад

Thank you!

@samithafernando6432 11 месяцев назад

Is there a way to use another identity provider such as Okta or Auth0 and perform OIDC flow?

@DacarSoft 11 месяцев назад

Thanks, great video

@srigunnala 11 месяцев назад

Thank you!

@renanpinheiro1688 2 месяца назад

Thank you very much for your video, but I had a question: If I have more than one customer wanting to use my api, do I always need to create a new app for them to access? If so, how do I dynamically add a new scope in APIM policies?

@user-gb2vi9vo4l 9 месяцев назад

Great video! I want to secure powerautomate when a http request is recieved flow through api management could you please do a video on this as its not available in the entire internet.

@kotisadhu8410 3 месяца назад

Hi Sri, Can we apply SharePoint permissions to the azure app and authenticate the SharePoint api?

@adityakalburgi1548 7 месяцев назад

I am getting security recommendation as API endpoints in azure api management should be authenticated. I have openai as backend & I dont want to use Azure AD. How should I resolve this issue using other self service setup other than Azure AD. Can you please guide me on this?

@user-lf5es8oz5l 11 месяцев назад

I am unable to add my APIs which one is hosted on AKS, how can I add

@mediocre.climber 7 месяцев назад

Given that I know the url to the backend function, what stops me from calling it directly?

@ianwanjala8621 6 месяцев назад

how does this work in the dev portal?

@user-qc5hb2ud4e 11 месяцев назад

Hi @Sri Gunnala, thanks for the video. I have one doubt. If we can authentication in function app itself, then why do we need to configure Api management service?

@MarkoVukovic0 10 месяцев назад

This is for authorization, not authentication.

@amiitdas 7 месяцев назад

@Sri Gunnala- Hi Sri Gunnala, I am able to generate the access token by configuring this and also added the jwt-validation policy in inbound request of the api to protect it. The problem is even though I have added the aut token as bearer, it shows invalid auth token error. Do I need to make any configuration related settings in apim itself for open-id connect

@kesavprakash9580 6 месяцев назад

same for me got any solution?

@sumitsandhir5112 5 месяцев назад

Hi Please remove api:// from the scope while adding it inside name value section. Then try again, I hope it works.

@huskyanimal3888 3 месяца назад

@@sumitsandhir5112 Still doesn't work for me, any solution else ?

@dhanasekarapandiansrinivas4542 8 месяцев назад

Interesting.. is it possible to protect only few endpoints which path starts with some prefix? for example lets say /public/* are unprotected and /protected/api/* are all protected

@srigunnala 8 месяцев назад

Hello, Thanks for checking my video. You can simply separate them by product and apply policies at product-level

@ashok13m 8 месяцев назад

I don't want to supply client secret in client scripts ... we have thousands of devices call APIs through APIM. I don't want share client secret in devices