To test a functionapp api which I put behind APIM, I copied the URL and tried to trigger a request using Postman, but got following error:
It is one of the basic features APIM offers – security, only authorized users can send request to an API, unless explicitly allowed. Here the error returned by APIM engine is about Missing Subscription Key, which is used to access the service (authorization).
The very first step is to add the API to product, get the key and add it to header while making call.
Request without a key are stopped at the APIM gateway, never reaching your API backend
What if you want to allow public access to it ? In that case you simply uncheck the Remove Subscription and can make call without key.
Why it happened
It is one of the basic features APIM offers – security, only authorized users can send request to an API, unless explicitly allowed. Here the error returned by APIM engine is about Missing Subscription Key, which is used to access the service (authorization).
Subscription Key - In APIM each set of APIs are part of a Product and users need to subscribe to that product before they can access the APIs within it. The Subscription has a primary and secondary key and one of these needs to be passed in the header of the request to the APIM. Thus securing your API from being called by anyone without a subscription key
This happens in either of the scenario
- The API which is called is not part of any Product
- The request send to the APIM url does not have the subscription key in the header
For me it was the first case, where I missed to add the API to a product.
What to do
The very first step is to add the API to product, get the key and add it to header while making call.
Add key in header
Request without a key are stopped at the APIM gateway, never reaching your API backend
What if you want to allow public access to it ? In that case you simply uncheck the Remove Subscription and can make call without key.
Below is the result of calling APi in Test Product without subscription key through postman
