Reputation: 667
Using the Azure portal, I’m unable to send test requests to the Echo API (and all other backend APIs).
When sending a request, I’m getting the following error:
HTTP/1.1 401 Access Denied
cache-control: private, s-maxage=0
content-length: 152
content-type: application/json
date: Tue, 12 Apr 2022 05:13:28 GMT
vary: Origin
www-authenticate: AzureApiManagementKey realm="https://AAAA.azure-api.net/echo",name="Ocp-Apim-Subscription-Key",type="header"
{
  "statusCode": 401,
  "message": "Access denied due to missing subscription key. Make sure to include subscription key when making requests to an API."
}
The request works fine when I tick the “Bypass CORS proxy” checkbox and through Postman.
I have the following global inbound CORS policy:
<policies>
    <inbound>
        <cors allow-credentials="true">
            <allowed-origins>
                <origin>https://AAAA.developer.azure-api.net</origin>
                <origin>https://AAAA.azure-api.net</origin>
            </allowed-origins>
            <allowed-methods preflight-result-max-age="300">
                <method>*</method>
            </allowed-methods>
            <allowed-headers>
                <header>*</header>
            </allowed-headers>
            <expose-headers>
                <header>*</header>
            </expose-headers>
        </cors>
    </inbound>
    <backend>
        <forward-request />
    </backend>
    <outbound />
    <on-error />
</policies>
and the inbound base policy set on the Echo API.
I haven't experienced this problem previously. Any ideas how I can bypass the CORS error while submitting a test request in the APIM portal?
Upvotes: 2
Views: 2564
Reputation: 667
I have engaged with Microsoft on this and they are investigating the issue. As per MS's initial investigation, "Microsoft Defender for Cloud Apps" creates a proxy that intercepts all requests going out of the Azure portal, and it seems like the MCAS proxy is either removing or modifying headers from the outgoing request, thus causing this behaviour. Microsoft has pointed to the following document for reference: Troubleshooting - What is cas.ms, mcas.ms, or mcas-gov.us?. MS has advised that they don't have any ETA for the fix and that they are investigating further. Their recommendation is to check the Bypass CORS proxy option as a workaround for the time being.
Upvotes: 0
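The check below is an added example, not part of the original posts or of any Azure tooling: it parses the `www-authenticate` challenge from the question's 401 response and compares it with the headers recorded at the client, which separates a key that was never sent from the case this answer describes, where an intermediary removes the header. The function names, result labels and the placeholder key value are assumptions made for illustration.

```python
import json
import re

# Constructed sample: the 401 body from the question, as one JSON string.
BODY = ('{"statusCode": 401, "message": "Access denied due to missing '
        'subscription key. Make sure to include subscription key when '
        'making requests to an API."}')


def parse_challenge(value):
    """Split a www-authenticate value into (scheme, {param: value})."""
    scheme, _, rest = value.strip().partition(" ")
    return scheme, dict(re.findall(r'([A-Za-z-]+)="([^"]*)"', rest))


def diagnose(sent_headers, status, response_headers, body):
    """Compare a gateway 401 with the headers recorded at the client.

    Returns "not-a-missing-key-401", "key-not-sent" or "key-lost-in-transit".
    """
    resp = {k.lower(): v for k, v in response_headers.items()}
    scheme, params = parse_challenge(resp.get("www-authenticate", ""))
    try:
        message = json.loads(body).get("message", "")
    except (ValueError, TypeError, AttributeError):
        message = ""
    if (status != 401 or scheme != "AzureApiManagementKey"
            or "missing subscription key" not in message):
        return "not-a-missing-key-401"
    wanted = params.get("name", "").lower()
    sent = {k.lower(): v for k, v in sent_headers.items()}
    if params.get("type") == "header" and sent.get(wanted, "").strip():
        # Sent by the client but reported missing by the gateway: something
        # in between (for example an intercepting proxy) dropped or altered it.
        return "key-lost-in-transit"
    return "key-not-sent"


if __name__ == "__main__":
    challenge = {"WWW-Authenticate": 'AzureApiManagementKey '
                 'realm="https://AAAA.azure-api.net/echo",'
                 'name="Ocp-Apim-Subscription-Key",type="header"'}
    sent = {"Ocp-Apim-Subscription-Key": "PLACEHOLDER-KEY"}  # constructed
    print(diagnose(sent, 401, challenge, BODY))
```

Feed `sent_headers` from the request as recorded in the browser's developer tools, not from what the portal form shows.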
Reputation: 533
The Bypass CORS option allows requests originating from any domain. Sometimes, allowing cross-domain access also fixes the issue. Try the Azure cross-domain policy given below to allow access from 'any' domain (you can specify your domain too).
<cross-domain>
    <cross-domain-policy>
        <allow-http-request-headers-from domain='*' headers='*' />
    </cross-domain-policy>
</cross-domain>
For details, refer to the MS documentation on managing cross-domain access: https://learn.microsoft.com/en-us/azure/api-management/api-management-cross-domain-policies
Upvotes: 0
Reputation:
HTTP/1.1 401 Access Denied
www-authenticate: AzureApiManagementKey realm="https://AAAA.azure-api.net/echo",name="Ocp-Apim-Subscription-Key",type="header"
"message": "Access denied due to missing subscription key. Make sure to include subscription key when making requests to an API."
In these Troubleshooting Steps of Unauthorized errors (401) while invoking APIs in Azure, it is mentioned clearly:
Ocp-Apim-Subscription-Key, this error occurs.
When you create the APIM, the Echo API is subscribed to built-in subscriptions by default. Each subscription has two subscription keys that can be used.
Scenario 1:
By default, Echo API is registered to the Built-in all-access subscription so it will work perfectly until the subscription key is matched:
Scenario 2:
There are 2 more product subscriptions that come by default when an APIM instance is created which are Starter and Unlimited.
When the API is subscribed to those product subscriptions, the subscription key passed in the header should match the original product subscription keys available in the Subscriptions menu.
Here, the Echo API is subscribed to both the Starter and Unlimited products, as shown in the 1st image. Those product subscriptions are given some permissions called Administrators, Developers and Guests. The user should have any one of these to access the APIs subscribed to these products.
In the 3rd Image, you can see what APIs are subscribed to Starter Product like Echo API.
If the above workarounds did not solve the issue, please refer to the troubleshooting steps doc provided, which shows all of the causes that produce this specific error (401 Unauthorized and missing subscription key) along with the resolution.
Upvotes: 1