Enforce API keys so that clients have to provide authentication credentials to use the service. (Note: Currently access is restricted via CORS policies)

tosm01 / azure-email-service

A service for sending Emails created with the Azure Communication Services Python Email SDK.

3 stars 0 forks source link

Enforce API keys so that clients have to provide authentication credentials to use the service. (Note: Currently access is restricted via CORS policies) #2

Open tosm01 opened 1 year ago

tosm01 commented 1 year ago

Add API-Management so that external clients need to provide keys. For internal clients, the backend should retrieve the credentials directly from Azure Active Directory.

tosm01 commented 1 year ago

Can't implement this on my current Azure student subscription due to restricted access. Need to migrate to another subscription.

tosm01 commented 1 year ago

Currently to ensure that the API can't be abused, CORS policies have been implemented as well as a list of approved sender and recipient emails.

tosm01 commented 1 year ago

To add to the above, the email limit is also only 25 emails per hour which should protect against spam for now. (https://learn.microsoft.com/en-us/azure/communication-services/concepts/service-limits)