How to use Azure AD to secure an API that needs to be accessed by a 3rd party application?

We are running an API that is configured for and secured by Azure AD. This is working for us with an Angular app where users login interactively. Now we have a need for a partner firm to use the API in a system to system way (no user login).

What needs to be configured for their application to get an OAuth token for our API from Azure AD?

I've examined the service to service call flow, but I'm wondering if it's best practice to create an application registration in our tenant for an application we don't own/manage. However, this seems to be the fastest way to give them a client ID/secret in order for them to interact with Azure AD.

Thanks in advance! -Doug

  • Azure Active Directory supports OAuth 2.0 to authorize third-party apps too. It doesn't actually matter where the web APIs are hosted. You can even see the Azure Active Directory recommendation on third-party apps. It actually adds security, and different types of apps can be integrated.
  • But you will need to have your web app authenticate to Azure AD and provide the token to the web API, so it requires an app registration.
  • For the scenario of an external web app calling a web API, you can refer to this: web-app-call-api
  • Your application can acquire a token to call a web API on behalf of itself (not on behalf of a user), i.e. you can achieve the scenario where a non-interactive app calls a web API.

But if you meant an app calling a partner API using another API: the Azure AD v2.0 endpoint doesn't support the Partner API (see Restrictions on services and APIs) when you integrate the web API with a third-party application using MSAL (Azure AD v2.0 endpoint).

One way is using the on-behalf-of flow. Here the third-party application initially acquires the access token to call the web API. This web API then acquires the token for the Partner Center API using the on-behalf-of flow with that token and calls it. This solution uses the Azure AD endpoint instead of v2.0 (register the app in the Azure portal).

Other References:

  1. asp.net web api - Azure Active Directory Verify Access Token in Web Api outside of Azure - Stack Overflow
  2. Authentication vs. authorization
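A worked example added here (not code from the question or the answer) of the system-to-system case the answer describes: the partner's daemon app obtains a token for our API with the client credentials grant, and our API checks the claims of the app-only token it receives. Tenant, client and API identifiers are constructed placeholders; verifying the JWT signature against the tenant's signing keys is assumed to happen before these checks and is not shown.

```python
import time

# Constructed placeholder identifiers (not values from the page).
TENANT_ID = "00000000-0000-0000-0000-000000000000"          # our tenant
PARTNER_CLIENT_ID = "11111111-1111-1111-1111-111111111111"  # partner's app registration
OUR_API_CLIENT_ID = "22222222-2222-2222-2222-222222222222"  # our API's app registration
OUR_API_APP_ID_URI = f"api://{OUR_API_CLIENT_ID}"

def build_client_credentials_request(tenant_id, client_id, client_secret, api_app_id_uri):
    """Form body the partner's daemon POSTs to the v2.0 token endpoint. The scope is
    the API's App ID URI plus '/.default': the app roles admin-consented for this client."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": f"{api_app_id_uri}/.default"}
    return url, body

def validate_app_token_claims(claims, tenant_id, accepted_audiences, allowed_clients,
                              required_role, now=None):
    """Claim checks our API runs after the JWT signature has been verified (assumed here).
    An app-only token carries 'roles', not 'scp', because no user signed in.
    Returns a list of problems; an empty list means the token is acceptable."""
    now = time.time() if now is None else now
    issuers = (f"https://login.microsoftonline.com/{tenant_id}/v2.0",  # v2.0 tokens
               f"https://sts.windows.net/{tenant_id}/")                # v1.0 tokens
    problems = []
    if claims.get("tid") != tenant_id or claims.get("iss") not in issuers:
        problems.append("wrong tenant or issuer")
    # v2.0 tokens put the API's client ID in 'aud'; v1.0 tokens use the App ID URI.
    if claims.get("aud") not in accepted_audiences:
        problems.append("token not issued for this API")
    # Calling app: 'azp' in v2.0 tokens, 'appid' in v1.0 tokens.
    if claims.get("azp", claims.get("appid")) not in allowed_clients:
        problems.append("caller is not an allow-listed partner app")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        problems.append("token expired or not yet valid")
    if "scp" in claims or required_role not in claims.get("roles", []):
        problems.append(f"missing application role {required_role}")
    return problems

# Constructed sample claims, as our API would see them in the partner's app-only token.
SAMPLE_CLAIMS = {
    "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0", "tid": TENANT_ID,
    "aud": OUR_API_CLIENT_ID, "azp": PARTNER_CLIENT_ID, "roles": ["Orders.Read.All"],
    "nbf": 1_700_000_000, "exp": 1_700_003_600,
}
```

The app role (here the constructed `Orders.Read.All`) is defined on our API's app registration and granted to the partner's client ID through admin consent, which is what makes the `roles` claim appear in a token the partner obtains without any user login.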