I am trying to pass a bearer token from another API that I have subscribed to via my API into my APIM. I had the idea of adding inbound processing with a set-header that adds "authorization" and "Bearer xxxxxxxxxxxxxxxxxxxxx". So I was wondering if this is safe enough, as I don't want my bearer token to be public; I'm not sure if this can be traced outside of the APIM itself.
Could there be a better solution?
I found this https://learn.microsoft.com/en-us/azure/api-management/policies/use-oauth2-for-authorization in the Microsoft docs, but I'm not sure if it also works if it's a bearer token not linked to Azure AD. But maybe using "send-request" puts me on the right track?
Kind regards
You can store your secrets in Azure Key Vault. Define the secrets in APIM named properties. You should be good to securely send your token - "myToken"
<set-header name="Authorization" exists-action="override">
    <value>Bearer {{myToken}}</value>
</set-header>
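
As an added example (not part of the original answer or of Microsoft's documentation): a small Python check that scans an APIM policy document for an Authorization set-header whose value is a literal credential rather than a {{named value}} reference such as the answer's {{myToken}}. It assumes the policy parses as well-formed XML; the function name and both sample policies are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Matches a value that is only a {{named-value}} reference after an optional scheme.
NAMED_VALUE_ONLY = re.compile(r"^(?:[A-Za-z]+\s+)?\{\{[^{}]+\}\}$")

# Constructed sample policies (not taken from a real service).
HARDCODED = """
<policies>
  <inbound>
    <base />
    <set-header name="Authorization" exists-action="override">
      <value>Bearer xxxxxxxxxxxxxxxxxxxxx</value>
    </set-header>
  </inbound>
</policies>
"""

# Same policy, with the literal token replaced by the answer's named value.
NAMED_VALUE = HARDCODED.replace("xxxxxxxxxxxxxxxxxxxxx", "{{myToken}}")


def find_inline_credentials(policy_xml):
    """Return Authorization header values that embed a literal credential."""
    findings = []
    root = ET.fromstring(policy_xml)
    for header in root.iter("set-header"):
        # HTTP header names are case-insensitive.
        if header.get("name", "").lower() != "authorization":
            continue
        for value in header.findall("value"):
            text = (value.text or "").strip()
            # Policy expressions (@(...)) are computed at runtime; not judged here.
            if text.startswith("@"):
                continue
            if text and not NAMED_VALUE_ONLY.match(text):
                findings.append(text)
    return findings


if __name__ == "__main__":
    for label, policy in (("hard-coded", HARDCODED), ("named value", NAMED_VALUE)):
        hits = find_inline_credentials(policy)
        print(f"{label}: {'FAIL ' + repr(hits) if hits else 'ok'}")
```

Run against exported policy files before they are committed, this keeps literal tokens out of source control and deployment templates.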