I've been playing around with API Management and it looks great. The only issue I have is that when calling an API you need to pass a subscription key, which is linked to a 'User'. In the majority of use cases the caller of our APIs are Applications (back-end services).
Am I supposed to be creating a User account per Application, or is there another way for me to obtain a security key for the App?
I have had a brief look at AD, however I don't want to go down that route straight away.
Thanks
You can create a single "API Consumer" user and use the key assigned to that user for all your back end services. Or you could create a separate user for each of your services. But creating a separate user you would have the ability to independently revoke access to certain services and control rate limiting/quotas independently.