This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 30%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVT%3C/text%3E%3C/svg%3E)
Hi @AmanpreetSingh-MSFT ,
Could you please help me to find documentation or sample custom profile example where I can find way to pass custom header to REST API?
In my case we are calling REST API to validate user credentials and REST API is secured through API key, in order to make successful calls I need to pass following header:
"X-API-Key" : "API KEY VALUE"
Another details I wanted to check if there is anyway to automate this behavior, for example: If I store my API key in key-vault can I get it from key vault and add it into custom policy header, so that key rotation scenario will be handled automatically?
Thanks for your help.
Thanks for your help.
Hi @Vikas Tiwari ·
Please refer to the example below:
<TechnicalProfile Id="RestApi">
<DisplayName>Restful Open Source Claims Provider</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ServiceUrl">http://myapi.example.com/api/User/formbody</Item>
<Item Key="AuthenticationType">ApiKeyHeader</Item>
</Metadata>
<CryptographicKeys>
<Key Id="x-api-key" StorageReferenceId="KeyIdInStorage" />
</CryptographicKeys>
</TechnicalProfile>
The key here is "AuthenticationType" and the CryptographicKey Id= which sets the header key. Let me know if it helps.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Perfect @AmanpreetSingh-MSFT Its working I have validated through API call.
Just wondering if there is any option to upload this key in policy key container through key-vault, that way it will be easy to implement key rotation automatically.
Thanks for your help on this.
@Vikas Tiwari As of now we can't fetch B2C policy keys from Key Vault. B2C requires policy keys to be stored in Policy Keys container within B2C only.
Thanks @AmanpreetSingh-MSFT I will keep note of it.
You can send all the input claims as headers setting the Metadata\SendClaimsIn element value to Header.
Thanks @alfredo-revilla-msft I am sending my claims in header using the way you have described. But I wanted to send few more details which is not part of my claim but only header specific information. for example in my case I need to send X-API-Key in header which is not part of my claim but will be used to authenticate request.
@Vikas Tiwari currently that's not supported but you can voice your interest in such feature in the Azure Active Directory feedback forum.