Friday, May 30, 2025

Azure APIM : How to configure Azure APIM to call a REST API with OAuth Authentication

In my project, we had a requirement to call a REST API using OAuth authentication from Azure LogicApps.

We had configured APIM to do the authentication bit, so that we can make just one HTTP call from Azure LogicApps to the APIM endpoint, and the APIM endpoint takes care of making the token call and passing the bearer token to the actual end-point.

The details of the token request and its configuration are set in the Inbound processing section of the APIM.

In my example the process is as follows:

1. Get the token by calling the token end-point, passing the ClientId and Secret as basic authentication

2. Call the actual end-point using the token received from the above request as the Bearer token for OAuth authentication

Assumption: You have a basic understanding of Azure Key Vault, Azure APIM and Azure LogicApps

Steps to do:

1. Store the ClientId and Secret into the Azure KeyVault


2. Create a NamedValue pair in the APIM referencing the Secrets from the KeyVault


3. Specify the details in the Inbound processing section on the APIM entry


<!--
    - Policies are applied in the order they appear.
    - Position <base/> inside a section to inherit policies from the outer scope.
    - Comments within policies are not preserved.
-->
<!-- Add policies as children to the <inbound>, <outbound>, <backend>, and <on-error> elements -->
<policies>
    <!-- Throttle, authorize, validate, cache, or transform the requests -->
    <inbound>
        <base />
        <send-request ignore-error="false" timeout="20" response-variable-name="oauthResponse" mode="new">
            <set-url>{{TokenEndPoint}}</set-url>
            <set-method>POST</set-method>
            <set-header name="Content-Type" exists-action="override">
                <value>application/x-www-form-urlencoded</value>
            </set-header>
            <set-body>@{
        return "grant_type=client_credentials&client_id={{CreateNotifClientId}}&client_secret={{CreateNotifClientSecret}}";
        }</set-body>
        </send-request>
        <set-backend-service base-url="{{APIEndPoint}}" />
        <set-header name="Authorization" exists-action="override">
            <value>@("Bearer " + (String)((IResponse)context.Variables["oauthResponse"]).Body.As<JObject>()["access_token"])</value>
        </set-header>
        <set-header name="Ocp-Apim-Subscription-Key" exists-action="delete" />
    </inbound>
    <!-- Control if and how the requests are forwarded to services  -->
    <backend>
        <base />
    </backend>
    <!-- Customize the responses -->
    <outbound>
        <base />
    </outbound>
    <!-- Handle exceptions and customize error responses  -->
    <on-error>
        <base />
    </on-error>
</policies>

4. Now from the Azure LogicApp you can just call this APIM endpoint and the APIM will take care of the OAuth Authentication.
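
The policy above requests a new token on every call and forwards the request even if the token call did not return a token. The inbound section below is an added example, not part of the original configuration: it caches the token and returns an error instead of calling the backend when the token request fails. The cache key `backendToken`, the variable names `tokenBody` and `accessToken`, the 502 status and the assumption that the token response carries an `expires_in` field are choices made for this example.

```xml
<inbound>
    <base />
    <!-- Reuse a cached token if present; "backendToken" is a cache key chosen for this example -->
    <cache-lookup-value key="backendToken" variable-name="accessToken" />
    <choose>
        <when condition="@(!context.Variables.ContainsKey("accessToken"))">
            <send-request ignore-error="false" timeout="20" response-variable-name="oauthResponse" mode="new">
                <set-url>{{TokenEndPoint}}</set-url>
                <set-method>POST</set-method>
                <set-header name="Content-Type" exists-action="override">
                    <value>application/x-www-form-urlencoded</value>
                </set-header>
                <set-body>@{
                    return "grant_type=client_credentials&client_id={{CreateNotifClientId}}&client_secret={{CreateNotifClientSecret}}";
                }</set-body>
            </send-request>
            <choose>
                <!-- Fail closed: do not call the backend without a valid token response -->
                <when condition="@(((IResponse)context.Variables["oauthResponse"]).StatusCode != 200)">
                    <return-response>
                        <set-status code="502" reason="Token request failed" />
                    </return-response>
                </when>
            </choose>
            <!-- Read the body once as a string; it is parsed twice below -->
            <set-variable name="tokenBody" value="@(((IResponse)context.Variables["oauthResponse"]).Body.As<string>())" />
            <set-variable name="accessToken" value="@((string)JObject.Parse((string)context.Variables["tokenBody"])["access_token"])" />
            <!-- Cache for 60 seconds less than expires_in (assumed field; falls back to 300 seconds) -->
            <cache-store-value key="backendToken" value="@((string)context.Variables["accessToken"])" duration="@(Math.Max(30, (JObject.Parse((string)context.Variables["tokenBody"]).Value<int?>("expires_in") ?? 300) - 60))" />
        </when>
    </choose>
    <set-backend-service base-url="{{APIEndPoint}}" />
    <set-header name="Authorization" exists-action="override">
        <value>@("Bearer " + (string)context.Variables["accessToken"])</value>
    </set-header>
    <set-header name="Ocp-Apim-Subscription-Key" exists-action="delete" />
</inbound>
```

Use a distinct cache key for each set of client credentials, so that one API never picks up a token issued for another.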


Hope this helps or gives some idea of how to configure this. Obviously there will be changes needed based on how the authentication is configured by the API provider.










Feel free to point out if anything is missing/wrong in this blog.






