Merge pull request #300685 from dlepow/apickv

[APIC] UX updates: select secret from KV, integrations

Author: JamesJBarnett

articles/api-center/authorize-api-access.md

@@ -4,7 +4,7 @@ description: Learn how to configure access to APIs in the Azure API Center inven
 author: dlepow
 ms.service: azure-api-center
 ms.topic: how-to
-ms.date: 04/30/2025
+ms.date: 06/02/2025
 ms.author: danlep 
 ms.custom: 
 # Customer intent: As an API program manager, I want to store API authorization information in my API center and enable authorized users to test APIs in the API Center portal.
@@ -57,12 +57,12 @@ To manage the API key securely, store it in Azure Key Vault, and access the key
 
     | **Setting**            | **Description**                                                                                                                                               |
     |-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
-    | **Title**              | A name for the authorization.                                                |
-    | **Description**        | Optional description for the authorization.                  |
+    | **Title**              | Enter a name for the authorization.                                                |
+    | **Description**        | Optionally, enter a description for the authorization.                  |
     | **Security scheme**    | Select **API Key**.                                                                                    |
-    |**API key location**    | How the key is presented in API requests. Available values are **Header** (request header) and **Query** (query parameter).                                                               |
-    | **API key parameter name**      | Name of the HTTP header or query parameter that contains the API key. Example: `x-api-key`                                                        |
-    | **API key Key Vault secret reference**      | Secret identifier of the API key in Azure Key Vault. Example: `https://<key-vault-name>.vault.azure.net/secrets/<secret-name>/<version>`  |
+    |**API key location**    | Select how the key is presented in API requests. Available values are **Header** (request header) and **Query** (query parameter).                                                               |
+    | **API key parameter name**      | Enter the name of the HTTP header or query parameter that contains the API key. Example: `x-api-key`                                                        |
+    | **API key Key Vault secret reference**      | Click **Select** and select the subscription, key vault, and secret that you stored. Example: `https://<key-vault-name>.vault.azure.net/secrets/<secret-name>`  |
 
 1. Select **Create**.
 
@@ -114,24 +114,24 @@ To manage the secret securely, store it in Azure Key Vault, and access the key v
 1. In the left menu, under **Governance**, select **Authorization (preview)** > **+ Add configuration**.
 1. In the **Add configuration** page, set the values as follows:
 
-    :::image type="content" source="media/authorize-api-access/configure-oauth.png" alt-text="Screenshot of configuring OAuth 2.0 in the portal.":::
+    :::image type="content" source="media/authorize-api-access/configure-oauth.png" lightbox="media/authorize-api-access/configure-oauth.png" alt-text="Screenshot of configuring OAuth 2.0 in the portal.":::
 
 
     > [!NOTE]
     > Configure settings based on the app registration you created previously in your identity provider. If you're using Microsoft Entra ID, find the **Client ID** on the **Overview** page of the app registration, and find the URL endpoints on the **Overview** > **Endpoints** page. 
 
     | **Setting**            | **Description**                                                                                                                                               |
     |-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|
-    | **Title**              | A name for the authorization.                                                                                                 |
-    | **Description**        | Optional description for the authorization.                                                                                                                   |
+    | **Title**              | Enter a name for the authorization.                                                                                                 |
+    | **Description**        | Optionally, enter a description for the authorization.                                                                                                                   |
     | **Security scheme**    | Select **OAuth2**.                                                                  |
-    | **Client ID**          | Client ID (GUID) of the app that you created in your identity provider.                                                                                     |
-    | **Client secret**      | Secret identifier of the client secret in Azure Key Vault.<br/><br/>Example: `https://<key-vault-name>.vault.azure.net/secrets/<secret-name>/<version>`                                                                               |
-    | **Authorization URL**  | OAuth 2.0 authorization endpoint for the identity provider.<br/><br/>Example for Microsoft Entra ID: `https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize`                                                                                      |
-    | **Token URL**          | OAuth 2.0 token endpoint for the identity provider.<br/><br/>Example for Microsoft Entra ID: `https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token`                                                                                            |
-    | **Refresh URL**        | OAuth 2.0 token refresh endpoint for the identity provider. For most providers, same as the **Token URL**<br/><br/>Example for Microsoft Entra ID: `https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token`                                                                                                |
-    | **OAuth2 flow**        | One or both of the OAuth 2.0 flows that you want to use. Available values are **Authorization code (PKCE)** and **Client credentials**.               |
-    | **Scopes**             | One or more API scopes configured for your API, separated by spaces. If no scopes are configured, enter `.default`.                                                   |
+    | **Client ID**          | Enter the client ID (GUID) of the app that you created in your identity provider.                                                                                     |
+    | **Client secret**      | Click **Select** and select the subscription, key vault, and client secret that you stored.<br/><br/>Example: `https://<key-vault-name>.vault.azure.net/secrets/<secret-name>`                                                                               |
+    | **Authorization URL**  | Enter the OAuth 2.0 authorization endpoint for the identity provider.<br/><br/>Example for Microsoft Entra ID: `https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize`                                                                                      |
+    | **Token URL**          | Enter the OAuth 2.0 token endpoint for the identity provider.<br/><br/>Example for Microsoft Entra ID: `https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token`                                                                                            |
+    | **Refresh URL**        | Enter the OAuth 2.0 token refresh endpoint for the identity provider. For most providers, same as the **Token URL**<br/><br/>Example for Microsoft Entra ID: `https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token`                                                                                                |
+    | **OAuth2 flow**        | Select one or both of the OAuth 2.0 flows that you want to use. Available values are **Authorization code (PKCE)** and **Client credentials**.               |
+    | **Scopes**             | Enter one or more API scopes configured for your API, separated by spaces. If no scopes are configured, enter `.default`.                                                   |
 
 1. Select **Create** to save the configuration.
 

articles/api-center/includes/store-secret-key-vault.md

@@ -14,9 +14,6 @@ ms.custom: Include file
 
 To store the API key as a secret in the key vault, see [Set and retrieve secret in Key Vault](/azure/key-vault/secrets/quick-create-portal).
 
-> [!NOTE]
-> The *secret identifier* of the secret appears on the secret's details page. This is a URI of the form `https://<key-vault-name>.vault.azure.net/secrets/<secret-name>/<version>`. You need this value when you configure the secret in your API center.
-
 #### Enable a managed identity in your API center
 
 For this scenario, your API center uses a [managed identity](/entra/identity/managed-identities-azure-resources/overview) to access the key vault. Depending on your needs, enable either a system-assigned or one or more user-assigned managed identities. 

articles/api-center/media/authorize-api-access/configure-api-key.png

@@ -4,7 +4,7 @@ description: Integrate an API Management instance to Azure API Center for automa
 author: dlepow
 ms.service: azure-api-center
 ms.topic: how-to
-ms.date: 01/23/2025
+ms.date: 06/02/2025
 ms.author: danlep 
 ms.custom: devx-track-azurecli
 # Customer intent: As an API program manager, I want to integrate my Azure API Management instance with my API center and synchronize API Management APIs to my inventory.
@@ -66,8 +66,8 @@ You can integrate an API Management instance using the portal or the Azure CLI.
 #### [Portal](#tab/portal)
 
 1. In the [portal](https://portal.azure.com), navigate to your API center.
-1. Under **Assets**, select **Environments**.
-1. Select **Integrations (preview)** > **+ New integration** > **From Azure API Management**.
+1. Under **Platforms**, select **Integrations**.
+1. Select **+ New integration** > **From Azure API Management**.
 1. In the **Integrate your Azure API Management Service** page:
     1. Select the **Subscription**, **Resource group**, and **Azure API Management service** that you want to integrate.
     1. In **Integration details**, enter an identifier.

articles/api-center/media/authorize-api-access/configure-oauth.png

@@ -4,7 +4,7 @@ description: Integrate an Amazon API Gateway to Azure API Center for automatic s
 author: dlepow
 ms.service: azure-api-center
 ms.topic: how-to
-ms.date: 02/10/2025
+ms.date: 06/02/2025
 ms.author: danlep 
 ms.custom: 
   - devx-track-azurecli
@@ -97,10 +97,11 @@ You can integrate an Amazon API Gateway using the portal or the Azure CLI.
 
 #### [Portal](#tab/portal)
 1. In the [portal](https://portal.azure.com), navigate to your API center.
-1. Under **Assets**, select **Environments**.
-1. Select **Integrations (preview)** > **+ New integration** > **From Amazon API Gateway**.
+1. Under **Platforms**, select **Integrations**.
+1. Select **+ New integration** > **From Amazon API Gateway**.
 1. In the **Integrate your Amazon API Gateway Service** page:
-    1. Enter the Key Vault secret identifiers for the AWS access key and secret access key, and the AWS region where the Amazon API Gateway is deployed.
+    1. For the **AWS access key** and **AWS secret access key**, click **Select** and select the subscription, key vault, secret that you stored. 
+    1. Select the **AWS region** where the Amazon API Gateway is deployed.
     1. In **Integration details**, enter an identifier.
     1. In **Environment details**, enter an **Environment title** (name), **Environment type**, and optional **Description**.
     1. In **API Details**: