Azure API Management (APIM) enhances security by centralizing and enforcing authentication, authorization, threat protection, rate limiting, and monitoring for added APIs, ensuring a secure API ecosystem with simplified management and robust protection against threats.
In the last section, I demonstrated how to deploy a Django REST API to an Azure Web App. You can click the link for details. Now, I will show how to use Azure API Management (APIM) to enforce authentication and authorization using OAuth 2.

- Define the target API URL in the Web service URL section
- Define the base URL by appending it under API URL suffix

Add Operation

Add the 'validate-jwt' policy under 'Inbound processing'

1. Include the application ID in the 'Values' section under 'Required Claims'.
2. Add the OpenID URL 'https://login.microsoftonline.com/{aad-tenant}/v2.0/.well-known/openid-configuration'.
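
The inbound policy that these two settings produce, written out as policy XML. This is an added example, not taken from the original post; the claim name `aud` and the `{application-id}` placeholder are assumptions, since the post names only the 'Values' field and the OpenID URL.

```xml
<policies>
    <inbound>
        <base />
        <!-- Reject the call at the gateway unless the Authorization header
             carries a Bearer token that passes signature, issuer and expiry
             checks against the tenant's published OpenID metadata. -->
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
            <!-- Signing keys and issuer are read from this document. -->
            <openid-config url="https://login.microsoftonline.com/{aad-tenant}/v2.0/.well-known/openid-configuration" />
            <required-claims>
                <!-- Assumption: the application ID is matched against the
                     audience claim. Replace the placeholder with the ID
                     entered under 'Values'. -->
                <claim name="aud">
                    <value>{application-id}</value>
                </claim>
            </required-claims>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

With this in place, APIM returns 401 for a missing or invalid token before the request reaches the backend.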

Exploring OAuth2 Authentication Testing on Azure Web App

Get the OAuth2 token

Pass the OAuth2 token to the API call

Output of the API call