This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 82%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENA%3C/text%3E%3C/svg%3E)
I have a backend API that need to be authenticate using Azure AD B2C. I need to put my backend API to Azure API Management to allow external users to use. As the backend already need to be authenticate with Azure AD B2C, so I include the OAuth2 request in the API Management, linking up to my AADB2C tenant.
Now, my question, I won't and don't know what the external users will use to authenticate their frontend. How do I let them use my backend API with AADB2C? Or should I just encourage my team to redo the API, by removing all the AADB2C related auth for this Azure API Management Portal? I'm new here, how does it supposed to work, can someone lighten me up?
Implement OAuth2 in the API Management policy to handle authentication.
Here’s a helpful guide:
https://learn.microsoft.com/en-us/azure/api-management/authentication-authorization-overview
Hi Vahid! Thank you for your answer. However, as much as I understand this method will need me to enforce my clients to use Azure AD B2C authentication flow from their frontend software which are utilizing these APIs. I have no authority to enforce them in what type of authentication that they will use in their software. Is there another method that does not require them to implement Azure AD B2C from their software? They might even not include authentication in their software
Hi Vahid! Thank you for your answer. However, as much as I understand this method will need me to enforce my clients to use Azure AD B2C authentication flow from their frontend software which are utilizing these APIs. I have no authority to enforce them in what type of authentication that they will use in their software. Is there another method that does not require them to implement Azure AD B2C from their software? They might even not include authentication in their software