Azure Authorizer reference configuration
Learn how you can configure your Azure Authorizer so that its settings are tailored to your specific needs.
About Azure Authorizer configuration
For the Azure Authorizer, its configuration is adjusted by adding environment variables to your ACP Azure Authorizer configuration in the Azure API Gateway portal. To know how to add environment variables for your authorizer, see the Setting environment variables section of the Protecting APIs on Azure API Gateway documentation.
Required settings
| Setting | Type | Default | Description |
|---|---|---|---|
| ACP_ISSUER_URL | string | Defaults to the issuer URL for the workspace in which the authorizer is created | Your authorizer issuer URL |
| ACP_CLIENT_ID | string | Defaults to the client identifier of a client application that is created for your authorizer in the System workspace | Client identifier of your authorizer’s client application that is used for the purpose of authenticating your requests |
| ACP_CLIENT_SECRET | string | Defaults to the client secret of a client application that is created for your authorizer in the System workspace | Client secret of your authorizer’s client application that is used for the purpose of authenticating your requests |
| AZURE_SUBSCRIPTION_ID | string | - | Your Azure subscription identifier |
| AZURE_TENANT_ID | string | - | Your Azure tenant identifier |
| AZURE_CLIENT_ID | string | - | Client identifier for the Azure AD application that can access your resources. To learn more, see Creating an Azure ADD applications in Azure documentation and Registering an application section of the Protecting APIs on Azure API Gateway article. |
| AZURE_CLIENT_SECRET | string | - | Client secret for the Azure AD application that can access your resources. To learn more, see Creating an Azure ADD applications in Azure documentation and Registering an application section of the Protecting APIs on Azure API Gateway article. |
Optional settings
| Setting | Type | Default | Description |
|---|---|---|---|
| LOGGING_LEVEL | string | info | Possible values from the most strict levels to the ones that give the most detailed information: error, warn, info, debug, trace. |
| CONFIG_SYNC_INTERVAL | time.Duration | 60s | Represents the frequency of fetching APIs from the Azure API Gateway and synchronizing it with ACP. |
| ACP_RELOAD_INTERVAL | time.Duration | 30s | Represents the frequency of retrieving policies from ACP by the authorizer. |
| ANALYTICS_ENABLED | bool | true | If true, turnes off the analytics for the Lambda Authorizer in ACP’s Admin Panel Analytics. |
| ENFORCEMENT_ALLOW_UNKNOWN | bool | false | If set to false, the authorizer blocks every API request that does not match the provided criteria. |
| HTTP_CLIENT_ROOT_CA | string | - | Path to the root certificate for your authorizer’s client application. |
| HTTP_CLIENT_INSECURE_SKIP_VERIFY | bool | false | Disables certificate verification |
| AZURE_AUTHORIZER_TIMEOUT | int | 5s | Timeout for the authorizer’s HTTP client application |
| AZURE_STATIC_AUTHORIZER_URL | string | By default, the authorizer URL used in policies is discovered automatically. | Points to your authorizer domain if you use custom domains and non-standard deployment. |
| AZURE_WEBSITE_RESOURCE_GROUP | string | - | Specifies your Azure resource group. |
| AZURE_WEBSITE_HOSTNAME | string | - | Azure hostname for your website |