-
-
Notifications
You must be signed in to change notification settings - Fork 293
API Authentication
Acmebot supports two authentication methods for API access. Choose the one that matches how your Function App is configured.
| Method | Use when | What you send |
|---|---|---|
| Functions host key | App Service Authentication is disabled, or you want a simple internal integration |
X-Functions-Key header |
| Microsoft Entra ID | App Service Authentication is enabled and you want centrally managed API access |
Authorization: Bearer <access token> header |
Use this method for private or simplified integrations when App Service Authentication is not enabled.
Obtain the host key from Azure Portal and pass it in the X-Functions-Key header.
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.TryAddWithoutValidation("X-Functions-Key", "<functions host key>");
var response = await httpClient.GetStringAsync("https://***.azurewebsites.net/api/certificates");
Console.WriteLine(response);Reference:
Use this method when App Service Authentication protects the API.
Add a scope to the Microsoft Entra application that was created when App Service Authentication was configured.
Pre-configured sample:
Terraform example configuration
Create a client application that can request tokens for the exposed API.
Use MSAL to request a token for the API scope and send it as a bearer token. The requested scope usually takes the form <application-uri>/.default.
using System.Net.Http.Headers;
using Microsoft.Identity.Client;
var app = ConfidentialClientApplicationBuilder.Create("<client id>")
.WithClientSecret("<client secret>")
.WithTenantId("<tenant id>")
.Build();
var token = await app.AcquireTokenForClient(new[] { "<application uri>/.default" }).ExecuteAsync();
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);
var response = await httpClient.GetStringAsync("https://***.azurewebsites.net/api/certificates");
Console.WriteLine(response);