Last-mile Security

Play Last-mile Security
Sign in to queue


Discover how to implement last-mile security to protect you backend services by using HTTP basic authentication or shared secret authentication.


API, Azure



Download this episode

The Discussion

  • User profile image

    Hi, nice video, one question. If we use both of the methods from our App, the key has to be stored in the assembly, right? And since is in the assembly you can search it with a .Net disasembler. How can we protect against this?

  • User profile image

    @nandodixtorsion:Hi there, appreciate the feedback. The scope of the video is security between API Management proxy and the backend API services. I think your question is about securing the subscription-key used between your mobile app and API Management proxy. In that case, one thing you can do is having your mobile app call your app backend first and having the app backend call the APIs.

    Let me know if you have further questions. You can find me @miaojiang

  • User profile image
    Bhalchandra Kadam

    Does Azure API Management Platform provides any way to implement the OAuth2 authorization service for APIs. Currently my APIs do not have it and we are looking to use the Azure Service for API Management but did not find anything related with OAuth2

  • User profile image

    @Bhalchandra Kadam: This is cooking in our developer's kitchen right now.

  • User profile image

    I have published a basic-auth Web API Sample here:

Add Your 2 Cents