| title | description | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.workload | ms.tgt_pltfrm | ms.devlang | ms.topic | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Azure API Management authentication policies | Microsoft Docs |
Learn about the authentication policies available for use in Azure API Management. |
api-management |
vladvino |
erikre |
061702a7-3a78-472b-a54a-f3b1e332490d |
api-management |
mobile |
na |
na |
article |
11/27/2017 |
apimpm |
This topic provides a reference for the following API Management policies. For information on adding and configuring policies, see Policies in API Management.
-
Authenticate with Basic - Authenticate with a backend service using Basic authentication.
-
Authenticate with client certificate - Authenticate with a backend service using client certificates.
Use the authentication-basic policy to authenticate with a backend service using Basic authentication. This policy effectively sets the HTTP Authorization header to the value corresponding to the credentials provided in the policy.
<authentication-basic username="username" password="password" /> <authentication-basic username="testuser" password="testpassword" /> | Name | Description | Required |
|---|---|---|
| authentication-basic | Root element. | Yes |
| Name | Description | Required | Default |
|---|---|---|---|
| username | Specifies the username of the Basic credential. | Yes | N/A |
| password | Specifies the password of the Basic credential. | Yes | N/A |
This policy can be used in the following policy sections and scopes.
-
Policy sections: inbound
-
Policy scopes: API
Use the authentication-certificate policy to authenticate with a backend service using client certificate. The certificate needs to be installed into API Management first and is identified by its thumbprint.
<authentication-certificate thumbprint="thumbprint" /> <authentication-certificate thumbprint="....." /> | Name | Description | Required |
|---|---|---|
| authentication-certificate | Root element. | Yes |
| Name | Description | Required | Default |
|---|---|---|---|
| thumbprint | The thumbprint for the client certificate. | Yes | N/A |
This policy can be used in the following policy sections and scopes.
-
Policy sections: inbound
-
Policy scopes: API
For more information working with policies, see:
- Policies in API Management
- Transform APIs
- Policy Reference for a full list of policy statements and their settings
- Policy samples