API Management authentication policies

• 11/27/2017
• 2 minutes to read
• Contributors
  • 
  • 
  • 
  • 
  • 

This topic provides a reference for the following API Management policies. For information on adding and configuring policies, see Policies in API Management.

Authentication policies

• Authenticate with Basic - Authenticate with a backend service using Basic authentication.

• Authenticate with client certificate - Authenticate with a backend service using client certificates.

Authenticate with Basic

Use the authentication-basic policy to authenticate with a backend service using Basic authentication. This policy effectively sets the HTTP Authorization header to the value corresponding to the credentials provided in the policy.

Policy statement

<authentication-basic username="username" password="password" />  

Example

<authentication-basic username="testuser" password="testpassword" />  

Elements

Attributes

Usage

This policy can be used in the following policy sections and scopes.

• Policy sections: inbound

• Policy scopes: API

Authenticate with client certificate

Use the authentication-certificate policy to authenticate with a backend service using client certificate. The certificate needs to be installed into API Management first and is identified by its thumbprint.

Policy statement

<authentication-certificate thumbprint="thumbprint" />  

Example

<authentication-certificate thumbprint="....." />  

Elements

Attributes

Usage

This policy can be used in the following policy sections and scopes.

• Policy sections: inbound

• Policy scopes: API

Next steps

For more information working with policies, see:

• Policies in API Management
• Transform APIs
• Policy Reference for a full list of policy statements and their settings
• Policy samples