How to solve AbuseProtectionResponseFailed in Azure Web PubSub - server protocol - event handler?

Question

I am trying to configure my Server (hosted by Azure AKS and proxied by API management service, using Azure-AD Oauth-Flow authentication) to receive cloud events like "connected" and "disconnected" by Azure Web PubSub. Either if I configure user assigned managed identity in Web PubSub, or system assigned managed identity with our default AAD, I am getting undocumented error in Web PubSub Live Trace Tool when receiving connected/disconnected events:

• Event Name: AbuseProtectionResponseFailed
• Message: Abuse protection validation for 'https://api..../.../.../webpubsub/eventhandler/validate' failed.
• Exception: Failed to get authentication header.

How to solve it?

More info:

1. I don't want to expose https://api..../.../.../webpubsub/eventhandler/validate without authentication. It's not secure enough
2. I don't want to use Event Listener with Event Hub, because its in Preview and I don't want to provision a new Event Hub
3. Nothing is logged by APIM and by the POD => means Azure Web PubSub has the problem before invoking the validate method
4. I can call the OPTIONS validate method directly through APIM with Swagger and I am getting 200
5. If called with Swagger the method responds with both of headers: WebHook-Allowed-Origin: * WebHook-Allowed-Rate: *
6. Everything else works fine:

• Client Protocol: OK
• Server Protocol - Connection Manager: OK