How do you secure APIs using API keys and OAuth?

• API Keys: Generated per subscription, required in request headers or query

parameters.

• OAuth 2.0: APIM can validate bearer tokens issued by Azure AD or external IdP.

Example – API key header:

GET

Header: Ocp-Apim-Subscription-Key: <your-subscription-key>