How to renew shared subscription key in azure api management gateway?

Question

I'm using <log-to-event-hub> policy to log all the request and responses to event-hubs.This policy requires a logger-id which refers to the event hub where our logs will be streamed.To create this logger I referred https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-log-event-hubs . Where we send a PUT request to https://{your service}.management.azure-api.net/loggers/{new logger name}?api-version=2017-03-01 with the SharedAccessSignature token generated in the Management API section API Management Service.Now this token is valid only for 30days.That means the<log-to-event-hub> policy can log to this event-hub only for 30 days.

Today the SharedAccessSignature got expired.So all of my API's started throwing a 500 internal server error.How to renew this SharedAccessSignature automatically so that when its about to expire it automatically gets renewed with the new SharedAccessSignature.

I did not find any solution so I deleted the event-hub and created a new one with the new shared key.I will be storing all my logs in this event-hub so it should be running up everytime.Can anyone help me with this.

Answer 1

You're mixing up tokens here. The token you generate in "Management API" section is used to authenticate your call to create logger. This token is only needed if you choose to make that call via our direct api (xxx.management.azure-api.net) and not via ARM. This PUT call needs to be done only once to create a logger. The credentials that are used to talk to eventhub are passed inside payload of that call, see "credentials" here: https://learn.microsoft.com/en-us/rest/api/apimanagement/2019-01-01/logger/createorupdate#request-body. And it's those credentials you may need to rotate. See eventhub docs on how to create those credentials.