When using the API key mode, the key can be passed as a query string variable or an HTTP header.
To be secure, the API key authorization must be used in combination with transport layer encryption (TLS, formerly, SSL), to prevent the API key from being passed over HTTP in clear text, and possibly being stolen during a man-in-the-middle attack (https://www.owasp.org/index.php/Man-in-the-middle_attack).
There are two ways to pass the API key to the function:
- In a query string parameter
- In the HTTP request header
If using a query string parameter to pass the API key, the request made to the function will look like the following:
https://<AppName>.azurewebsites.net/api/<FunctionName>?code=<ApiKey>
Note that it is best practice ...