Access denied due to missing subscription key

{tocify} $title={Table of Contents}

Issue

To test a functionapp api which I put behind APIM, I copied the URL and tried to trigger a request using Postman, but got following error:

Why it happened

It is one of the basic features APIM offers – security, only authorized users can send request to an API, unless explicitly allowed. Here the error returned by APIM engine is about missing Subscription Key, which is used to access the service (authorization).

Subscription Key  

In APIM each set of APIs are part of a Product and users need to subscribe to that product before they can access the APIs within it. The subscription has a primary and secondary key and one of these needs to be passed in the header of the request to the APIM. Thus securing your API from being called by anyone without a subscription key.

This(Error) happens in either of the scenario

1. The API which is called is not part of any Product
2. The request send to the APIM url does not have the subscription key in the header

For me it was the first case, where I missed to add the API to a product.

What to do

The very first step is to add the API to product, get the key and add it to header while making call. 

Add key in header 

Request without a key are stopped at the APIM gateway, never reaching your API backend

What if you want to allow public access to it ?

In that case you simply uncheck the Remove Subscription and can make call without key. 

Below is the result of calling APi in Test Product without subscription key through postman

If you have questions or suggestions, feel free to do in comments section below !!!

Do share if you find this helpful .......

 

                          Knowledge Sharing is Caring !!!!!!

Related Post

• Getting Started with Azure API Management - Fundamentals