Azure API Management: subscription key invalid

download

Azure API Management is awesome! The thought of API virtualization and the power, flexibility and ease-of-use it can bring, is impressive to say the least.

I have the chance to ‘play’ with the technology with a project I’m working on for one particular client. Starting to play with things you often miss the simplest details or take things for granted. This is such a story…

So, I went on to set-up an API, provided some operations, configured security, etc…

However, using Postman, one error I kept getting was the following:

{ “statusCode”: 401, “message”: “Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription.” }

No matter what I did, I kept getting the error. Removing the Ocp-Apim-Subscription-Key in the header, provided me with the following error:

{ “statusCode“: 401, “message“: “Access denied due to missing subscription key. Make sure to include subscription key when making requests to an API.” }

It was clear I needed to provide the Azure APIM subscription key, but I was providing the wrong one it seems.

It’s already tricky to find your subscription keys and I had to ask some colleagues more than once where to retrieve it.

To retrieve your keys, go to the Azure portal, select your API Management service, select Users (the below picture mentions Users – PREVIEW, since the transition to the current portal is not finished yet) and you’ll find your subscription keys for your “products” there.

APIM1

One of the things about Azure API Management is  that any developer can subscribe to start using your API. This can be a paying customer or a customer which you just need to register. For that, there is the Azure API Management developer portal. A completely customizable portal with developer documentation, test forms, etc… based on the settings you determine in the administration portal.

In Azure API Management, a Product contains one or more APIs as well as a usage quota and the terms of use. Once a product is published, developers can subscribe to the product and begin to use the API’s which are part of the product’.

This time, from the developer portal, I copied the subscription keys and added a new header “Ocp-Apim-Subscription-Key”, containing the key copied from the Azure portal.

APIM2

Still, I kept getting the same error…. it kept me busy for far too long… until I tried to call the Echo API. This is the default API, provided with any Azure API Management service.
I noticed, when trying to call this API from within the developer portal, that the header was already provided. I did not have to provide it myself for the Echo API

APIM3

Then it dawned to me: I didn’t bother to add my API to one of the (default) products! In the API configuration, you can see in which products your API is included:

APIM4

I quickly included my API into the Starter and Unlimited products and saved.

APIM5

Seconds later, refreshing the developer portal for my own API gave me the following result:

APIM3

Now, sitting here and writing this up, I still don’t have my API working, but at least some poor soul will perhaps some day have the same issue and find this page.

Lesson learned

Always add your API to your product()s, or you will not be able to call them.

 

Hope this helps at least someone, since I didn’t find this within the MANY Google searches I performed.

Cheers,
Pieter