none
Protect an API by using OAuth 2.0 with Azure Active Directory and API Management RRS feed

All replies

  • Have you given proper permissions in App registration page to the web api you are calling through the registered client app. Refer to Grant permissions in Azure AD section of the document.

    Also, can you provide the full error message over here.

    Tuesday, September 10, 2019 10:54 PM
    Moderator
  • Yes i do that 
    HTTP/1.1 401 Unauthorized
    
    date: Wed, 11 Sep 2019 08:15:51 GMT
    vary: Origin
    ocp-apim-trace-location: https://apimstxwhakldr5dimtzvr2v.blob.core.windows.net/apiinspectorcontainer/nFMYEyIs0IKGZhsOSJjXvA2-45?sv=2018-03-28&sr=b&sig=8nuo%2B8d3%2FWe05%2F9OOlUzythUQwxBVEqiZx5AcQVySqc%3D&se=2019-09-12T08%3A15%3A50Z&sp=r&traceId=4167a66c411a4c9eb1c6b3942562a491
    content-type: application/json
    content-length: 85
    {
        "statusCode": 401,
        "message": "Unauthorized. Access token is missing or invalid."
    }
    Wednesday, September 11, 2019 8:51 AM
  • Have you added OAuth2 authorization server to your API management instance.  Please refer to How to authorize developer accounts using OAuth 2.0 in Azure API Management

    And then you need to configure the API to use OAuth2 authorization from the Publisher portal (Security tab of the API properties) or from the Azure portal (under security). 

    Monday, September 16, 2019 11:37 PM
    Moderator