Thank you for posting this video! You explained everything step by step so clearly. Microsoft has updated the demo URL, but your video was incredibly helpful in guiding me to find the new URL on their website. Much appreciated!
Great! Straight to the point! But what I didn't understand is, openapi.json will just have API schema details. How is the response being populated. Did you skip the part of API implementation?
Hey, nice video man. I am using an APIM with my backend. The backend is protected by jwt tokens and the APIM with my subscription key. My question is that: 1) Can the subscription key be exposed at the frontend? Because if not, I have to setup a middleware/server to just pass the request from the frontend to the APIM, with the key in the middleware/server (which is inefficient) 2) Is the APIM key in this case even required? Since my backend is already protected by a jwt token?
Nice and straight to the point video, though, I have a small comment. Yes I can research the net to get the full curl syntax, but do you really think it's more important to watch you talk than seeing the command? you could've moved your frame a little to show the whole command! Thanks anyways, it's a helpful and video.
Great introduction! How does the Api manager know how to authenticate with the registered apis? I didn't see any option to enter api-keys in that form...
Nice video, great explanation, The APIs for internal consumption should also be in the APIM?, Where should the internal APIs be in order to be managed?, Thank you!
Great video. Thanks! I am not familar but is the same primary key will also be used and put in the header when client or frontend web makes an API request? Would that primary key be exposed to hacker ? Thanks
Yes. The PK is part of every request as a query parameter or as a header. Having said that, subscription keys should not be seen as a security barrier as they easily can be exploited. I see them more as a way to control what APIs can be accessed by your "nice" API consumers. A bad API consumer might get past APIM which makes additional security preventions super important.
@@svenmalvik I appreciate your fast response. For the frontend web app and backend API app scenario, should backend API expect a bearer token (via AAD) + subscription key from frontend web app ? Because of this combination of bearer token and subscription key, it is more secure than just using the subscription key? I am a newbie to all of these.
facing an issue when providing http request of power automate to wrap the flow { "error": { "code": "DirectApiAuthorizationRequired", "message": "The request must be authenticated only by Shared Access scheme." } } even set the Authorization Header as delete please kindly provide me inputs if you have any
Thank you for posting this video! You explained everything step by step so clearly. Microsoft has updated the demo URL, but your video was incredibly helpful in guiding me to find the new URL on their website. Much appreciated!
Really helpful! Thank you
Beautiful, thanks for sharing.
Best video for starting with Azure API Management. Thanks mate.
Thanks so much!
Thank you very much for this. It sure was insightful.
Thank you very nice and succinct!!!
I like how you got to the point and showed how to use the product. Subscribed
Short and to the point, thank you!
Nice succinct video guide, Danke Sven!
Thanks for this amazing introduction video!
Thank you for this very informative video.
Thanks for the video! Very informative introduction.
thanks for the video, quite helpful
Great! Straight to the point! But what I didn't understand is, openapi.json will just have API schema details. How is the response being populated.
Did you skip the part of API implementation?
good and quick explanation.
nice one! thanks
Hey, nice video man. I am using an APIM with my backend. The backend is protected by jwt tokens and the APIM with my subscription key. My question is that:
1) Can the subscription key be exposed at the frontend? Because if not, I have to setup a middleware/server to just pass the request from the frontend to the APIM, with the key in the middleware/server (which is inefficient)
2) Is the APIM key in this case even required? Since my backend is already protected by a jwt token?
Nice and straight to the point video, though, I have a small comment. Yes I can research the net to get the full curl syntax, but do you really think it's more important to watch you talk than seeing the command? you could've moved your frame a little to show the whole command!
Thanks anyways, it's a helpful and video.
Great introduction! How does the Api manager know how to authenticate with the registered apis? I didn't see any option to enter api-keys in that form...
Excellent explanation
Could you please show me how to extract all APIs in azure gateway in JSON file as I need to upload it to my elasticsearch cloud
Nice video, great explanation, The APIs for internal consumption should also be in the APIM?, Where should the internal APIs be in order to be managed?, Thank you!
Great video. Thanks! I am not familar but is the same primary key will also be used and put in the header when client or frontend web makes an API request? Would that primary key be exposed to hacker ? Thanks
Yes. The PK is part of every request as a query parameter or as a header. Having said that, subscription keys should not be seen as a security barrier as they easily can be exploited. I see them more as a way to control what APIs can be accessed by your "nice" API consumers. A bad API consumer might get past APIM which makes additional security preventions super important.
@@svenmalvik I appreciate your fast response. For the frontend web app and backend API app scenario, should backend API expect a bearer token (via AAD) + subscription key from frontend web app ? Because of this combination of bearer token and subscription key, it is more secure than just using the subscription key? I am a newbie to all of these.
Hi, do I need to follow the same process to host a Spring API?
facing an issue when providing http request of power automate to wrap the flow
{
"error": {
"code": "DirectApiAuthorizationRequired",
"message": "The request must be authenticated only by Shared Access scheme."
}
}
even set the Authorization Header as delete please kindly provide me inputs if you have any
How can we disable an API in APIM
not working resource name .I change it several time not working
How to give access to customers with auth?