Andrew Wilson's Blog

{ ... Plan - Architect - Develop - Reflect - Improve - Repeat ... }

Easy Auth | Standard Logic App with Azure API Management

Overview

The recent work that I have been doing with Standard Logic Apps and linking them as backends to Azure API Management has relied on the Logic App workflow SAS key for security. This is a valid authentication approach, but there are risks that you need to be aware of, as well as best practices that you need to abide by. Such as: Some Potential Risks:

Azure API Management | Unintentional Pass through of Subscription Key Header

Problem Space

There is a potentially unintentional side effect when you add an APIM subscription key as a header to an inbound request: the header is not stripped from the request before it is sent to the configured backend service. Rather, it is retained and forwarded. If you manage the backend service and are not concerned about disclosing the subscription key to it, then there is no problem. However, being overly permissive with this information may make your API more vulnerable to security threats and prevents a clean separation of concerns between the gateway and the backend.