From 736082ca743db120c3dc4daf72f450fb2fa11a5a Mon Sep 17 00:00:00 2001 From: Martin Danielsson Date: Mon, 15 Feb 2016 10:24:51 +0100 Subject: [PATCH] Added note on OAuth not being part of this blog post --- _posts/2016-02-15-securing-backends-azure-apim.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/_posts/2016-02-15-securing-backends-azure-apim.md b/_posts/2016-02-15-securing-backends-azure-apim.md index b045de6..73f1f1d 100644 --- a/_posts/2016-02-15-securing-backends-azure-apim.md +++ b/_posts/2016-02-15-securing-backends-azure-apim.md @@ -25,6 +25,9 @@ We will check out the following possibilities: * Virtual Networks and Network Security Groups * VPNs +What is not part of this blog post is how you also can use OAuth related techniques to secure backend services. Focus of this article is how to technically secure the backends, not using means such as OAuth. + + ### Security by obscurity For some very non-critical backend services running in the same Azure region (and only in those cases), it may be enough to secure the backend via obscurity; some have suggested that it can be enough to check for the `Ocp-Apim-Subscription-Key` header which will by default be passed on from the client via the API gateway to the backend service (unless you filter it out via some policy).
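Review bot: The scope sentence added after the `* VPNs` list item is ambiguous in its second half, "how to technically secure the backends, not using means such as OAuth". It can be read either as "OAuth is not a technical measure" or as "the backends are secured without OAuth". State the scope directly instead, for example "This post does not cover securing backend services with OAuth; it focuses on the options listed above." The first sentence also reads awkwardly ("how you also can use OAuth related techniques") and would be clearer as "how you can also use OAuth-related techniques". Finally, the hunk adds two empty lines after the new paragraph; one is enough before the `### Security by obscurity` heading.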