You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/api-center/authorize-api-access.md
+18-13Lines changed: 18 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -55,14 +55,16 @@ To manage the API key securely, store it in Azure Key Vault, and access the key
55
55
1. In the **Add configuration** page, set the values as follows:
56
56
:::image type="content" source="media/authorize-api-access/configure-api-key.png" alt-text="Screenshot of configuring an API key in the portal.":::
57
57
58
-
1. Enter a **Title** (name) and optional **Description** for the configuration.
59
-
1. In **Security scheme**, select **API Key**.
60
-
1. In **API key location**, select how the key is presented in API requests. Available values are **Header** (request header) and **Query** (query parameter).
61
-
1. In **API key parameter name**, enter the name of the HTTP header or query parameter that contains the API key. For example, `x-api-key`.
62
-
1. In **API key Key Vault secret reference**, enter the URI of the secret in your key vault that contains the API key. This is a URI of the form `https://<key-vault-name>.vault.azure.net/secrets/<secret-name>/<version>`.
|**Description**| Optional description for the authorization. |
62
+
|**Security scheme**| Select **API Key**. |
63
+
|**API key location**| How the key is presented in API requests. Available values are **Header** (request header) and **Query** (query parameter). |
64
+
|**API key parameter name**| Name of the HTTP header or query parameter that contains the API key. Example: `x-api-key`|
65
+
|**API key Key Vault secret reference**| Secret identifier of the API key in Azure Key Vault. Example: `https://<key-vault-name>.vault.azure.net/secrets/<secret-name>/<version>`|
64
66
65
-
:::image type="content" source="media/authorize-api-access/configure-api-key.png" alt-text="Screenshot of configuring an API key in the portal.":::
67
+
1. Select **Create**.
66
68
67
69
## Option 2: Configure settings for OAuth 2.0 authorization
68
70
@@ -92,12 +94,12 @@ The following example shows how to create an app registration in Microsoft Entra
92
94
1. Copy the client secret's **Value** before leaving the page. You will need it in the following section.
93
95
1. Optionally, add API scopes in your app registration. For more information, see [Configure an application to expose a web API](/entra/identity-platform/quickstart-configure-app-expose-web-apis#add-a-scope).
94
96
95
-
In the following section, you will need the following values from the app registration:
97
+
When you configure OAuth 2.0 authorization in your API center, you will need the following values from the app registration:
96
98
97
99
* The **Application (client) ID** from the app registration's **Overview** page, and the **Client secret** you copied previously.
98
100
* The following endpoint URLs on the app registration's **Overview** > **Endpoints** page:
99
101
***OAuth2.0 authorization endpoint (v2)** - the authorization endpoint for Microsoft Entra ID
100
-
***OAuth 2.0 token endpoint (v2)** - the token URL endpoint for Microsoft Entra ID
102
+
***OAuth 2.0 token endpoint (v2)** - the token endpoint and token refresh endpoint for Microsoft Entra ID
101
103
* Any API scopes configured in the app registration.
102
104
103
105
### 2. Store client secret in Azure Key Vault
@@ -112,20 +114,23 @@ To manage the secret securely, store it in Azure Key Vault, and access the key v
112
114
1. In the left menu, under **Assets**, select **Authorization (preview)** > **+ Add configuration**.
113
115
1. In the **Add configuration** page, set the values as follows:
114
116
117
+
:::image type="content" source="media/authorize-api-access/configure-oauth.png" alt-text="Screenshot of configuring OAuth 2.0 in the portal.":::
|**Title**| A name and optional description for the authorization. |
122
+
|**Title**| A name for the authorization. |
118
123
|**Description**| Optional description for the authorization. |
119
-
|**Security scheme**| Select **OAuth2**. |
124
+
|**Security scheme**| Select **OAuth2**. |
120
125
|**Client ID**| Client ID of the app that you created in the previous section. |
121
-
|**Client secret**|Enter the secret identifier of the client secret in Azure Key Vault. Example: |
126
+
|**Client secret**|Secret identifier of the client secret in Azure Key Vault. Example: `https://<key-vault-name>.vault.azure.net/secrets/<secret-name>/<version>`|
122
127
|**Authorization URL**| OAuth 2.0 authorization endpoint for the identity provider. |
123
128
|**Token URL**| OAuth 2.0 token endpoint for the identity provider. |
124
129
|**Refresh URL**| OAuth 2.0 refresh token endpoint for the identity provider. For most providers, same as the Token URL. |
125
130
|**OAuth2 flow**| One or both of the OAuth 2.0 flows that you want to use. Available values are **Authorization code (PKCE)** and **Client credentials**. |
126
131
|**Scopes**| One or more API scopes configured for your API, separated by spaces. If no scopes are configured, enter `.default`. |
127
132
128
-
1. Select **Create** to save the configuration. |
133
+
1. Select **Create** to save the configuration.
129
134
130
135
## Add authentication configuration to an API version
0 commit comments