The Authentication page lets you configure authentication methods for your Hosted API. It lists the authentication methods and their details. There are two types of authentication methods that can be added to a Hosted API. You cannot publish an API without at least one authentication method configured for it.
1. Subscription key authentication method
The subscription key method listing will have details and links including:
- Add an authentication method link - lets you configure an authentication method.
- Edit link - lets you add or edit a subscription key.
- Delete link - lets you delete a subscription key.
- Enabled - Indicates if a Subscription key is mandatory (Yes or No).
- Auto-enforcement - Indicates if a Subscription key and an authentication method are mandatory. If so, the API cannot be accessed without a valid Subscription key.
- Header name - The name of the API request header parameter to which the subscription key value is assigned.
- Query parameter name - The name of the request query parameter to which the subscription key value is assigned.
When you add a new Hosted API to a workspace, it will automatically have the following default values which you can then edit:
- Enabled - Set to 'Yes'.
- Auto-enforcement - Set to 'Yes'.
- Header name - Assigned the value 'Ocp-Apim-Subscription-Key'
- Query parameter name - Assigned the value 'subscription-key'
2. Native OAuth Application-flow authentication method
The Native OAuth Application-flow method listing will have details and links including:
- Enabled - Indicates if a Native OAuth Application-flow is mandatory ('Yes' or 'No').
- Auto-enforcement - Indicates if a Native OAuth Application-flow and an authentication method are mandatory. This means the API cannot be accessed without completing a valid Native OAuth Application-flow.
- Exclusion path - Provides finer control over the authentication requirement. You can permit access to the API without completing a valid Native OAuth Application-flow on specific request paths while keeping it mandatory on all other paths, which allows a secure and a less secure area within the API. This parameter is optional, so you can leave it blank.
You can use wildcards as part of your path setting; they form part of the filter criteria when the authentication requirement is enforced.
- Custom OAuth scopes (Mandatory) - List of permissions granted to the subscriber or user of the API. For example, 'Read' permission.
- OAuth token endpoint - The URL, provided by the OAuth token issuer, that is used to perform the Native OAuth Application-flow authentication and obtain a valid token.
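Because a wildcard exclusion path can exempt more of the API than intended, it helps to check which routes a set of exclusion paths actually opens before saving them. The following is an added example, not part of the product or its documentation. It assumes the wildcard is a glob-style `*` that also matches `/`, which this page does not specify, and the patterns, routes and function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample data, not taken from the product.
EXCLUSION_PATHS = ["/health", "/public/*", "/v1/*"]
ROUTES = [
    "/health",
    "/public/docs",
    "/v1/orders",
    "/v1/orders/42/refund",
    "/admin/users",
]
# Routes the API owner actually means to serve without OAuth.
INTENDED_PUBLIC = {"/health", "/public/docs"}


def exempted(routes, patterns):
    """Map each exclusion pattern to the routes it exempts from OAuth.

    Assumption: '*' behaves like a shell glob and also matches '/',
    so '/v1/*' covers nested paths. Matching is case-sensitive.
    """
    return {p: [r for r in routes if fnmatchcase(r, p)] for p in patterns}


def unintended_exposure(routes, patterns, intended_public):
    """Return {pattern: routes} for routes a pattern exempts from OAuth
    although they are not on the intended-public list."""
    findings = {}
    for pattern, hits in exempted(routes, patterns).items():
        extra = [r for r in hits if r not in intended_public]
        if extra:
            findings[pattern] = extra
    return findings


if __name__ == "__main__":
    report = unintended_exposure(ROUTES, EXCLUSION_PATHS, INTENDED_PUBLIC)
    for pattern, extra in report.items():
        print(f"{pattern!r} exempts routes not meant to be public: {extra}")
```
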
Within the Authentication page, you can do the following:
- Adding an authentication method to a Hosted API
- Adding a subscription key to a Hosted API
- Editing a subscription key for a Hosted API
- Deleting a subscription key for a Hosted API
- Adding a Native OAuth Application-flow for a Hosted API
- Editing a Native OAuth Application-flow for a Hosted API
- Deleting a Native OAuth Application-flow for a Hosted API