 

How to configure customer-specific API keys for Azure Functions

I want to create a C# Azure Function with http trigger. I want to secure it with an API Key, provide a separate key per customer, and the function should provide customer-specific data so needs to identify who is calling it.

Can I use Azure Function API Keys to identify the customer, e.g. get the name of the Key that has been passed? Or is there no way of knowing within the azure function which key was used to authenticate the request?

If there were a method like GetApiKeyName() I could check the key name against a list of customers in my database and return different data based on who is calling the function. e.g. imagine I have a sales-tracking system and my function is /api/GetMonthlySales. If customer 1 calls the function with their API key they should get their monthly sales and if customer 2 calls it they'd get a different amount.

If this isn't possible that means I need to give additional authentication data to each customer for them to pass to each function call, e.g. a customer Id and a secret Key. But this defeats the purpose of using Azure Functions API Keys, right?

A similar scenario would be if I want to charge customers when they call my function. How do I identify which customer is calling my function?

Rory asked Feb 14 '17 17:02



1 Answer

Rory,

This is unfortunately not supported today. The authentication will happen based on the key used and you can revoke/renew individual client keys, but that information is not currently surfaced to the functions.

There are some workarounds like mapping the keys by using the management API and matching the request key to identify the client, but they are cumbersome and inefficient.

I've had an issue tracking this here and I have just marked it for triage again to see if we can get this addressed soon.

Fabio Cavalcante answered Oct 13 '22 23:10

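The key-matching workaround mentioned in the answer, sketched as an added example (not the answerer's or the Functions runtime's code): the function compares the key the caller sent with a cached map of key names to key values. It assumes the map was already loaded through the key management API, that each key is named after a customer, and that the header is checked before the `code` query parameter; `CallerKeyResolver` and `ResolveKeyName` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class CallerKeyResolver
{
    static byte[] Hash(string s) => SHA256.HashData(Encoding.UTF8.GetBytes(s));

    // keysByName: key name -> key value. Assumed to have been fetched from the
    // key management API and cached; the fetch itself is not shown here.
    public static string? ResolveKeyName(
        IReadOnlyDictionary<string, string> keysByName,
        string? headerKey,   // value of the x-functions-key request header, if sent
        string? queryKey)    // value of the ?code= query parameter, if sent
    {
        string? presented = !string.IsNullOrEmpty(headerKey) ? headerKey : queryKey;
        if (string.IsNullOrEmpty(presented)) return null;

        byte[] presentedHash = Hash(presented);
        string? match = null;
        // Compare fixed-length hashes in constant time and scan every entry,
        // so response timing does not reveal which key (if any) matched.
        foreach (var entry in keysByName)
        {
            if (CryptographicOperations.FixedTimeEquals(presentedHash, Hash(entry.Value)))
                match = entry.Key;
        }
        return match; // null means the key is not in the cached map
    }

    public static void Main()
    {
        // Constructed sample data; real key values come from the Function App.
        var keys = new Dictionary<string, string>
        {
            ["customer1"] = "constructed-key-value-AAAA",
            ["customer2"] = "constructed-key-value-BBBB",
        };

        string? viaHeader = ResolveKeyName(keys, "constructed-key-value-BBBB", null);
        string? viaQuery = ResolveKeyName(keys, null, "constructed-key-value-AAAA");
        string? unknown = ResolveKeyName(keys, "not-a-known-key", null);

        Console.WriteLine($"header: {viaHeader ?? "(none)"}");
        Console.WriteLine($"query: {viaQuery ?? "(none)"}");
        Console.WriteLine($"unknown: {unknown ?? "(none)"}");
    }
}
```

The cached map holds every customer's key value, so it needs the same protection as the keys themselves and must be refreshed whenever a key is revoked or renewed.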