Azure HTTP Function Authorization with Function Keys

When creating an Azure Function triggered via HTTP, one way to authorize use of the function is to configure the HTTP function trigger to require the caller to provide a function key.

Azure Function HTTP Trigger Authorization Modes

With the authorization set to Anonymous, as expected anyone can call it.

When set to Function Authorization, the caller needs to provide the function key either as a URL query string parameter or in a header.

The function key can be found by navigating to Manage tab as the following screenshot shows:

Finding the Azure Function Key

Once Function Authorization is enabled, if the client does not provide it correctly the function will return a 401 Unauthorized.

To supply the function key in the URL, the “code” query string parameter can be used, e.g. “https://myazurecloudfunctions.azurewebsites.net/api/SayHi?code=udXhf3pviSICFMtViW/pqmV/1Q5vLH5aMcRWXfD/q6NXk2VVxRlfYw==”.

Alternatively an “x-functions-key” header can be added containing the key as the following Postman screenshot shows:

Calling Azure Function with Postman and Function Key

To jump-start your Azure Functions knowledge check out my Azure Function Triggers Quick Start Pluralsight course.

You can start watching with a Pluralsight free trial.

SHARE:

Comments (9) -

  • Chris Grigg

    10/30/2018 2:06:17 AM | Reply

    Hi, this solution is not working for me. I did the same thing as you in Postman?

  • Leo

    5/16/2019 8:28:32 PM | Reply

    This article saved my day!

    • Jason Roberts

      5/28/2019 5:24:29 AM | Reply

      Glad to be of help Leo!!

  • David

    9/16/2019 3:43:03 PM | Reply

    Many thanks !! I was wondering if there is some way to modify the name (x-functions-key)...

  • drew

    10/31/2019 9:35:19 PM | Reply

    really helpful info, thank you!!!

    • Jason

      12/13/2019 3:24:00 AM | Reply

      Thanks Drew Smile

  • Mano

    6/17/2020 10:18:46 AM | Reply

    I have already set the  AuthorizationLevel to Anonymous, and I am able to make calls from Postman, but I am not able to make calls from the Test+Run section in Azure.
    There I get a 401... Frown

  • Robert

    11/3/2020 11:41:20 AM | Reply

    Thank you! That's very helpful! I was looking for this kind of solution that will allow me to log request URL without compromising security. You saved my day!

Pingbacks and trackbacks (2)+

Add comment

Loading