Configure users of the developer portal to authenticate using usernames and passwords
In the developer portal for Azure API Management, the default authentication method for users is to provide a username and password. In this article, learn how to set up users with basic authentication credentials to the developer portal.
For an overview of options to secure the developer portal, see Secure access to the API Management developer portal.
Prerequisites
- Complete the Create an Azure API Management instance quickstart.
Go to your API Management instance
In the Azure portal, search for and select API Management services.
On the API Management services page, select your API Management instance.
Confirm the username and password provider
By default, the username and password identity provider is enabled in the developer portal. To confirm this setting:
- In the left menu of your API Management instance, under Developer portal, select Identities.
- In the Provider type list, confirm that Username and password appears.
If the provider isn't already enabled, you can add it:
- In the left menu of your API Management instance, under Developer portal, select Identities > + Add.
- Under Type, select Username and password, and then select Add.
Add a username and password
There are two ways to add a username and password for authentication to the developer portal:
An API publisher can add a user through the Azure portal, or with equivalent Azure tools such as the New-AzApiManagementUser Azure PowerShell cmdlet. For steps to use the portal, see How to manage user accounts in Azure API Management.
An API consumer (developer) can sign up directly in the developer portal, using the Sign up page.
Note
API Management enforces password strength requirements including password length. When you add a user in the Azure portal, the password must be at least 6 characters long. When a developer signs up or resets a password through the developer portal, the password must be at least 8 characters long.
Delete the username and password provider
If you've configured another identity provider for the developer portal such as Microsoft Entra ID or Azure AD B2C, you might want to delete the username and password provider.
Deleting the identity provider prevents adding users to use username and password authentication. Existing users configured for basic authentication are also prevented from signing into the developer portal.
- In the left menu of your API Management instance, under Developer portal, select Identities.
- In the Provider type list, select Username and password. In the context menu (...), select Delete.
Tip
If you want to disable all sign up or sign in functionality in the developer portal, see How do I disable sign up in the developer portal?
Next steps
For steps to add other identity providers for developer sign-up to the developer portal, see: