Azure API Management: subscription key invalid


Azure API Management is awesome! The thought of API virtualization and the power, flexibility and ease-of-use it can bring, is impressive to say the least.

I have the chance to ‘play’ with the technology with a project I’m working on for one particular client. Starting to play with things you often miss the simplest details or take things for granted. This is such a story…

So, I went on to set-up an API, provided some operations, configured security, etc…

However, using Postman, one error I kept getting was the following:

{ “statusCode”: 401, “message”: “Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription.” }

No matter what I did, I kept getting the error. Removing the Ocp-Apim-Subscription-Key in the header, provided me with the following error:

{ “statusCode“: 401, “message“: “Access denied due to missing subscription key. Make sure to include subscription key when making requests to an API.” }

It was clear I needed to provide the Azure APIM subscription key, but I was providing the wrong one it seems.

It’s already tricky to find your subscription keys and I had to ask some colleagues more than once where to retrieve it.

To retrieve your keys, go to the Azure portal, select your API Management service, select Users (the below picture mentions Users – PREVIEW, since the transition to the current portal is not finished yet) and you’ll find your subscription keys for your “products” there.


One of the things about Azure API Management is  that any developer can subscribe to start using your API. This can be a paying customer or a customer which you just need to register. For that, there is the Azure API Management developer portal. A completely customizable portal with developer documentation, test forms, etc… based on the settings you determine in the administration portal.

In Azure API Management, a Product contains one or more APIs as well as a usage quota and the terms of use. Once a product is published, developers can subscribe to the product and begin to use the API’s which are part of the product’.

This time, from the developer portal, I copied the subscription keys and added a new header “Ocp-Apim-Subscription-Key”, containing the key copied from the Azure portal.


Still, I kept getting the same error…. it kept me busy for far too long… until I tried to call the Echo API. This is the default API, provided with any Azure API Management service.
I noticed, when trying to call this API from within the developer portal, that the header was already provided. I did not have to provide it myself for the Echo API


Then it dawned to me: I didn’t bother to add my API to one of the (default) products! In the API configuration, you can see in which products your API is included:


I quickly included my API into the Starter and Unlimited products and saved.


Seconds later, refreshing the developer portal for my own API gave me the following result:


Now, sitting here and writing this up, I still don’t have my API working, but at least some poor soul will perhaps some day have the same issue and find this page.

Lesson learned

Always add your API to your product()s, or you will not be able to call them.


Hope this helps at least someone, since I didn’t find this within the MANY Google searches I performed.



Let Git ignore modifications to a file


Lately, at Belgium, we have been working on an internal project after hours and during a hack day. The project and the technology allow some of us, myself included, to get out of our shell and gives us a chance to work with technology we are unfamiliar with.

It is a really interesting work environment and this has sparked my interest in some of the things I haven’t had a chance yet to become familiar with. One of those things was Git. I have experience using TFS (Team Foundation Server) on-premise and VSTS (Visual Studio Team Services), in the cloud.

While setting up VSTS, one is give the option to choose for TFVC (Team Foundation Version Control) or Git. Until now, the safe choice had always been TFVC. This project finally let me work with Git and I must say I learned a lot from this!


This post is not an overview on what the differences between the two are (you can find that here), but rather a difficulty I had during development.

Don’t check-in credentials in web.config

The setup and baseline of the projects were in .NET and were done by a colleague of mine familiar with it already. One of the things I encountered was the fact that we worked with Azure DocumentDb and we need to store the DocumentDb URI and key in the web.config file. However, we can’t have them in the file itself as this is in no way secure.

However, when committing or pushing changes in my local branch to the remote server, I always needed to restore the web.config in its original state. Afterwards, to test the local version again, I needed to include them again. A real problem, as this is quite cumbersome and easily forgotten.

Let Git ignore any local changes

I searched the web for a solution and after some testing I found the solution to my problem here, on StackOverflow.

git update-index --skip-worktree <file-name>

Enter the command in a git command prompt. To get one, go to Team Explorer, Changes, Actions and click Open Command Prompt.


The command will update your local git index and mark the file to skip during commits and to assume no changes were made, although you may actually have made them!

Perfect for our web.config which (almost) never changes!
Even more so, since this only marks your local index and the change is never propagated to the remote index! This means that every developer wanting to do so, will have to do it manually his-/herself.
This is not something that a new developer would need to know about immediately, which is a good thing!

However, whenever we need to make an actual change (one that needs to be merged in the master branch), we need to remove the credentials, make our changes and commit and push the changes remotely to create a PR (pull request).

To do so, use this command in another Git command prompt:

git update-index --no-skip-worktree <file>

Hope you enjoyed this, as this made my life a lot easier on this project! slide deck – Integrate 2016 recap

Yesterday I had a great time at, while presenting my session on Integrate 2016.

I presented the new changes in BizTalk Server 2016 CTP2, covered the upcoming changes in RTM and the new schema update of Azure Logic Apps, together with the new features available in the public preview of the Enterprise Integration Pack

Thanks again to our company,, for providing me the opportunity to be there!

As promised there, please find my slide deck below via SlideShare:

Contact me if you have any questions regarding the slides, I’d be happy to answer you.

The second speaker yesterday was Eldert Grootenboer. He had a great talk on IoT, gateways, sensors and … boats! Keep an eye out on his blog, since he promised some more IoT posts coming up.

As always, it was nice to talk to the people present. A big thank you to them! Especially since it was not such a great time to attend, just before holiday period and there were a lot of traffic jams around Antwerp yesterday evening. We do have a good community out there!

Enjoy the slide deck!