1

We have configured APIM and point it to API endpoints which is deployed in WebApp.

We have configured products, subscription keys, APIS, Operations for the same.

For APIM endpoints, it is necessary for developer to pass subscription key, if not passed, APIM will return HTTP 401 with below error message

Access denied due to invalid subscription key. Make sure to provide a valid key for an active subscription.

Is there any way, we can change this with custom message as required by business team?

Manish Joisar
  • 1,256
  • 3
  • 23
  • 47

2 Answers2

0

Use choose policy inside on-error section to identify the scenario (you can inspect context.LastError.Reason), and return-response policy to provide custom response.

Vitaliy Kurokhtin
  • 7,205
  • 1
  • 19
  • 18
  • This will not work. if a subscription is required for the API, and a request comes in with an invalid subscription key, APIM will reject the request before the API's policies are ever invoked. – BobbyA Mar 06 '20 at 15:23
  • 1
    That is not the case. If request is not fulfilled by APIM for any reason (including missing or invalid subscription key) on-error section is executed. See here: https://learn.microsoft.com/en-us/azure/api-management/api-management-error-handling-policies#predefined-errors-for-built-in-steps for predefined error codes. You should check for "SubscriptionKeyNotFound" and "SubscriptionKeyInvalid" – Vitaliy Kurokhtin Mar 09 '20 at 21:52
  • The documentation does says that. That's not the behavior my APIM tenant is currently exhibiting though. I may be experiencing a bug, I'll contact support and see – BobbyA Mar 10 '20 at 14:20
  • 1
    Yup, you're right. Part of my issue was where my policies were being defined. They can be defined at the All APIs level, the API level, and the Operation level. For the URL: https://{host}/{API URL Suffix}/{Operation Path}, defining the message body for an incorrect API URL suffix should happen at the All API level. Dealing with an invalid subscription key should happen at the API or Operation level. You can inherit defined policy behavior from a higher level using the policy – BobbyA Mar 10 '20 at 16:06
0

There is currently no way to do this. Please vote for this request on Azure's feedback forum:

Customize error schema messages

Edit: @Vitaliy Kurokhtin answer is a work-around, although you need to keep in mind where you define the error policy (All APIs level, API level, Operation level) will impact whether or not the On Error policy you defined will get invoked

BobbyA
  • 2,090
  • 23
  • 41