How to Authenticate calls to your API without changing code

 

Create an Azure AD application identity for your logic app

Your logic app resource uses this Azure AD application identity to authenticate against Azure AD. You only have to set up this identity one time for your directory. For example, you can choose to use the same identity for all your logic apps, even though you can create unique identities for each logic app. You can set up these identities in the Azure portal or use PowerShell.

  1. In the Azure portal, select Azure Active Directory.

  2. Confirm that you're in the same directory as your web app or API app.

  3. On the directory menu, under Manage, select App registrations > New registration.

    The All registrations list shows all the app registrations in your directory. To view only your app registrations, select Owned applications.

    Screenshot showing Azure portal with Azure Active Directory instance, "App registration" pane, and "New application registration" selected.

  4. Provide a user-facing name for your logic app's application identity. Select the supported account types. For Redirect URI, select Web, provide a unique URL where to return the authentication response, and select Register.

    Screenshot showing "Register an application" pane with application identity name and URL where to send authentication response.

    The Owned applications list now includes your created application identity. If this identity doesn't appear, on the toolbar, select Refresh.

    Screenshot showing the application identity for your logic app.

  5. From the app registrations list, select your new application identity.

  6. From the application identity navigation menu, select Overview.

  7. On the Overview pane, under Essentials, copy and save the Application ID to use as the "client ID" for your logic app in Part 3.

    Screenshot showing the application (client) ID underlined.

  8. From the application identity navigation menu, select Certificates & secrets.

  9. On the Client secrets tab, select New client secret.

  10. For Description, provide a name for your secret. Under Expires, select a duration for your secret. When you're done, select Add.

    The secret that you create acts as the application identity's "secret" or password for your logic app.

    Screenshot showing secret creation for application identity.

    On the Certificates & secrets pane, under Client secrets, your secret now appears along with a secret value and secret ID.

    Screenshot showing secret value and secret ID with copy button for secret value selected.

  11. Copy the secret value for later use. When you configure your logic app in Part 3, you specify this value as the "secret" or password.


No comments:

Post a Comment

How to Deploy your API as a web app or API app

  Before you can call your custom API from a logic app workflow, deploy your API as a web app or API app to Azure App Service. To make your ...