I am very new to Azure API Management. This is my 2nd day with Azure cloud and API Management, so my question may sound very naive.
I am using Bubble, a no-code solution, as the front end. It handles my user authentication and authorization. I want to connect API Management with Bubble. Bubble can call APIs with an inbuilt plugin. But the problem is that users can see the network calls in the browser and see the API tokens. If I had been using JWT authentication, every user would have their own JWT token and it would not be a problem for me.
But right now, I am using a global key, which is the subscription key from API Management, to access the data from Bubble. If a logged-in Bubble user gets hold of the key from the browser and passes in the right params, they will be able to access the data without any fail. This can continue for a long time as the keys are not updated as frequently as JWTs.
How do I authenticate in API Management that the call I am getting is from an authenticated Bubble user? I read in the documentation that there are three ways to connect to API Management.
1. Basic auth
2. Certificates
3. Azure Active Directory
I cannot use Basic auth and I do not have the user name and password in the front end. It is managed by Bubble. I do not understand how Certificates and Azure Active Directory can help me with this problem.
My question is similar to this question, just with a different front end: https://stackoverflow.com/questions/57111256/azure-api-management-how-to-secure-subscription-key
I am sorry if this sounds like more of a Bubble question. But any help would be appreciated.