API Management authentication policies

This topic provides a reference for the following API Management policies. For information on adding and configuring policies, see Policies in API Management.

Authentication policies

Authenticate with Basic

Use the authentication-basic policy to authenticate with a backend service using Basic authentication. This policy effectively sets the HTTP Authorization header to the value corresponding to the credentials provided in the policy.

Policy statement

<authentication-basic username="username" password="password" />  

Example

<authentication-basic username="testuser" password="testpassword" />  

Elements

Name Description Required
authentication-basic Root element. Yes

Attributes

Name Description Required Default
username Specifies the username of the Basic credential. Yes N/A
password Specifies the password of the Basic credential. Yes N/A

Usage

This policy can be used in the following policy sections and scopes.

  • Policy sections: inbound

  • Policy scopes: API

Authenticate with client certificate

Use the authentication-certificate policy to authenticate with a backend service using client certificate. The certificate needs to be installed into API Management first and is identified by its thumbprint.

Policy statement

<authentication-certificate thumbprint="thumbprint" />  

Example

<authentication-certificate thumbprint="....." />  

Elements

Name Description Required
authentication-certificate Root element. Yes

Attributes

Name Description Required Default
thumbprint The thumbprint for the client certificate. Yes N/A

Usage

This policy can be used in the following policy sections and scopes.

  • Policy sections: inbound

  • Policy scopes: API

Next steps

For more information working with policies, see: