Hi, nice video, one question. If we use both of the methods from our App, the key has to be stored in the assembly, right? And since is in the assembly you can search it with a .Net disasembler. How can we protect against this?
@nandodixtorsion:Hi there, appreciate the feedback. The scope of the video is security between API Management proxy and the backend API services. I think your question is about securing the subscription-key used between your mobile app and API Management proxy. In that case, one thing you can do is having your mobile app call your app backend first and having the app backend call the APIs.
Let me know if you have further questions. You can find me @miaojiang
Does Azure API Management Platform provides any way to implement the OAuth2 authorization service for APIs. Currently my APIs do not have it and we are looking to use the Azure Service for API Management but did not find anything related with OAuth2