question

GrahamAllwood-4295 avatar image
0 Votes"
GrahamAllwood-4295 asked ·

AuthorizationLevel Function has no effect when called from API Manager

Hi,

I have a Function with AuthorizationLevel set to Function. When I call it from Postman with no key, I get a 401 Unauthorized. Now, if I use APIM to font my Azure Function, with no authentication in APIM, it will quite happily call my Function with now key and it succeeds. I was just wondering why this is? I would have expected to have to set which key to use (in APIM) when it calls my Function.

Any insight would be great.

Thanks

Graham

azure-functionsazure-api-management
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

MayankBargali-MSFT avatar image
1 Vote"
MayankBargali-MSFT answered ·

Hi @GrahamAllwood-4295

Welcome to Microsoft Q&A! Thanks for posting the question.

When you import function as API in APIM a new host key with the name apim-{your APIM Instance name} will be created and you can navigate to your function app to verify the same. Now a new named value (your Azure Function App instance name}-key as name and the new key that is generated) will also be created on your APIM instance and you can verify the same by navigating the "Named values" section on your APIM instance.

For APIs created after April 4th 2019, the host key is passed in HTTP requests from API Management to the Function App in a header. Older APIs pass the host key as a query parameter.

That is the reason you don't have to specify the authentication of function explicitly as it is taken care while importing the function as API.

Reference: https://docs.microsoft.com/en-us/azure/api-management/import-function-app-as-api#authorization

78215-image.png

Let me know if you have any queries or concerns.

Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.


image.png (45.5 KiB)
·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.