search

Azure / static-web-apps

Azure Static Web Apps. For bugs and feature requests, please create an issue in this repo. For community discussions, latest updates, kindly refer to the Discussions Tab. To know what's new in Static Web Apps, visit https://aka.ms/swa/ThisMonth
https://aka.ms/swa
MIT License
318 stars 53 forks source link

Unauthorized response when calling an API Managament Backend API that uses a non-default Subscription Header Name #1483

Open stevieshannon opened 1 month ago

stevieshannon commented 1 month ago

To Reproduce Steps to reproduce the behavior:

  1. Create an API within API Managment
  2. Change the API's Subscription Header name from Ocp-Apim-Subscription-Key to x-api-key
  3. Create a Static Web App and configure API Management as a linked backend
  4. Configure the API Managment API to recieve requests for the above API

Expected behavior Requests made by the Static Web App to the API Management API should include the correct Subscription key value within the the correct Subscription Header for the API.

Additional context I haven't seen any documentation around how/if this is expected to work; there's nothing in the SWA API Managment documentation that suggests such a configuration is not possible.

Having enabled API Management's tracing, I can see that the default Ocp-Apim-Subscription-Key appears to be sent from the Static Web App in this configuration, which obviously fails as this is not the correct Subscription Header for the API.

In my specific setup, I have a number of other APIs already using x-api-key and I require the API design to be consistant.