ClaudioResende-8132 asked

Adding support to HTTP signature to Azure API Management

I would like to have a backend service using Spring Boot Java. For security reasons, I want to use Azure API Management as a frontend for my service.

Besides OAuth2, for which I can use AD, I would like to have an extra security check, to check not only the request but also the message integrity, based on those premises: https://tools.ietf.org/html/draft-cavage-http-signatures-10.


As I couldn't find any tutorial for that, I would like to ask whether it is possible and, if yes, whether there is any documentation I could follow, or any workaround.
Thank you in advance.

azure-api-management

1 Answer

PramodValavala-MSFT answered

@ClaudioResende-8132 This is possible using policy expressions but I believe there is no sample for this exact scenario. Instead, you could refer to the following samples

The second sample should be like what you are trying to achieve.




@ClaudioResende-8132 To elaborate, the second sample is to highlight how certain aspects of the signature construction can be achieved through policy expressions

As for enforcing it, the downstream service should validate the signature passed.



0 Votes 0 ·
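The downstream validation mentioned in the answer, sketched as an added example in plain Java for a Spring Boot backend (it is not code from this thread or from the linked samples). It assumes an `hmac-sha256` shared key, a `Signature` header in the draft-cavage format and a `Digest` header carrying the SHA-256 of the body; the class and method names are hypothetical and the request in `main` is constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.regex.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class HttpSignatureCheck {
    static String digest(byte[] body) throws Exception {            // Digest header value for a body
        return "SHA-256=" + Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-256").digest(body));
    }
    // Signing string per the draft: "name: value" lines in the order given by headers="..."
    static String signingString(String method, String path, Map<String, String> h, String[] names) {
        StringJoiner s = new StringJoiner("\n");
        for (String n : names) {
            String v = n.equals("(request-target)") ? method.toLowerCase() + " " + path : h.get(n);
            if (v == null) return null;                              // a signed header is missing
            s.add(n + ": " + v);
        }
        return s.toString();
    }
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    // h maps lower-cased header names to the values the backend received.
    static boolean verify(String method, String path, Map<String, String> h, byte[] body, byte[] key) throws Exception {
        Map<String, String> p = new HashMap<>();
        Matcher m = Pattern.compile("(\\w+)=\"([^\"]*)\"").matcher(h.getOrDefault("signature", ""));
        while (m.find()) p.put(m.group(1), m.group(2));
        if (!"hmac-sha256".equals(p.get("algorithm")) || !p.containsKey("signature")) return false;
        String[] names = p.getOrDefault("headers", "date").split(" ");
        // Local policy (assumption): the signature must cover the request line and the body digest.
        if (!Arrays.asList(names).containsAll(List.of("(request-target)", "digest"))) return false;
        String s = signingString(method, path, h, names);
        if (s == null || !digest(body).equals(h.get("digest"))) return false; // missing header or altered body
        // MessageDigest.isEqual compares in constant time; bad base64 is treated as an invalid signature.
        try { return MessageDigest.isEqual(hmac(key, s), Base64.getDecoder().decode(p.get("signature"))); }
        catch (IllegalArgumentException e) { return false; }
    }
    public static void main(String[] a) throws Exception {
        byte[] key = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8), body = "{\"amount\":10}".getBytes(StandardCharsets.UTF_8);
        Map<String, String> h = new HashMap<>(Map.of("host", "api.example.com", "date", "Tue, 07 Jan 2020 10:00:00 GMT", "digest", digest(body)));
        String[] names = {"(request-target)", "host", "date", "digest"};
        String sig = Base64.getEncoder().encodeToString(hmac(key, signingString("POST", "/orders", h, names)));
        h.put("signature", "keyId=\"demo\",algorithm=\"hmac-sha256\",headers=\"" + String.join(" ", names) + "\",signature=\"" + sig + "\"");
        System.out.println(verify("POST", "/orders", h, body, key));                                            // intact request
        System.out.println(verify("POST", "/orders", h, "{\"amount\":99}".getBytes(StandardCharsets.UTF_8), key)); // tampered body
    }
}
```

The check fails closed when the `headers` list omits `(request-target)` or `digest`, since a signature that does not cover them says nothing about the path or the body.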