Add SasToken (#24161)

koyasu221b · Will Huang · web-flow · commit be63fad20943 · 2023-05-25T09:52:02.000-07:00
Co-authored-by: Will Huang &lt;huangwill@microsoft.com&gt;
diff --git a/specification/maps/data-plane/Search/preview/2022-12-01-preview/search.json b/specification/maps/data-plane/Search/preview/2022-12-01-preview/search.json
@@ -28,6 +28,12 @@
       "description": "This is a shared key that is provisioned when creating an [Azure Maps resource](https://aka.ms/amauth) through the Azure management plane  via Azure portal, PowerShell, CLI, Azure SDKs, or REST APIs.\n\n With this key, any application is authorized to access  all REST APIs. In other words, these can currently be treated as master keys to the account which they are issued for.\n\n For publicly exposed applications, our recommendation is to use server-to-server access of Azure Maps REST APIs where this key can be  securely stored.",
       "name": "subscription-key",
       "in": "header"
+    },
+    "SasToken": {
+      "type": "apiKey",
+      "description": "This is a shared access signature token is created from the List SAS operation on the [Azure Maps resource](https://aka.ms/amauth) through the Azure management plane via Azure portal, PowerShell, CLI, Azure SDKs, or REST APIs.\n\n With this token, any application is authorized to access with Azure role-based access controls and fine-grain control to the expiration, rate, and region(s) of use for the particular token. In other words, the SAS Token can be used to allow applications to control access in a more secured way than the shared key.\n\n For publicly exposed applications, our recommendation is to configure a specific list of allowed origins on the [Map account resource](https://aka.ms/amauth) to limit rendering abuse and regularly renew the SAS Token.",
+      "name": "SAS Token",
+      "in": "header"
     }
   },
   "security": [
@@ -38,6 +44,9 @@
     },
     {
       "AzureKey": []
+    },
+    {
+      "SasToken": []
     }
   ],
   "responses": {},
