Scenario: Protected web API

In this scenario, you learn how to expose a web API. You also learn how to protect the web API so that only authenticated users can access it.

To use your web API, you need to enable authenticated users with work and school accounts.

Prerequisites

Before reading this article, you should be familiar with the following concepts:

Specifics

Here is specific information you need to know to protect web APIs:

  • Your app registration must expose at least one scope. The token version accepted by your web API depends on the sign-in audience.
  • The code configuration for the web API must validate the token used when the web API is called.
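
What validating the token involves, shown as an added example (not code from the original page or from Microsoft): the API checks the signature, the token version, issuer, audience and lifetime, and finally that the token carries a scope the app registration exposes. The key pair, tenant and client IDs, the scope name `access_as_user` and the function names are constructed for illustration.

```javascript
// Added example (not from the original page). Keys, IDs and scope name are constructed.
const crypto = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");
const fail = (reason) => ({ ok: false, reason });

// Throwaway RSA key pair standing in for the token issuer's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

// Constructed API configuration; version "2.0" is the token version this API accepts.
const cfg = {
  publicKey,
  version: "2.0",
  issuer: "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0",
  audience: "11111111-1111-1111-1111-111111111111",
  requiredScope: "access_as_user",
};

// Test helper: mint a signed token the way the issuer would.
function signToken(claims, key = privateKey, alg = "RS256") {
  const signingInput = `${b64url(JSON.stringify({ alg, typ: "JWT" }))}.${b64url(JSON.stringify(claims))}`;
  return `${signingInput}.${crypto.sign("sha256", Buffer.from(signingInput), key).toString("base64url")}`;
}

function validateAccessToken(token, cfg, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return fail("malformed");
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString());
    claims = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  } catch {
    return fail("malformed");
  }
  if (!header || !claims) return fail("malformed");
  // Pin the algorithm; the token header must not choose it.
  if (header.alg !== "RS256") return fail("alg");
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify("sha256", signed, cfg.publicKey, Buffer.from(parts[2], "base64url"))) return fail("signature");
  // Claims are trusted only after the signature check has passed.
  if (claims.ver !== cfg.version) return fail("version");
  if (claims.iss !== cfg.issuer) return fail("issuer");
  if (claims.aud !== cfg.audience) return fail("audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) return fail("expired");
  if (typeof claims.nbf === "number" && claims.nbf > now) return fail("not-yet-valid");
  // Delegated scopes arrive space-separated in the scp claim.
  const scopes = typeof claims.scp === "string" ? claims.scp.split(" ") : [];
  return scopes.includes(cfg.requiredScope) ? { ok: true, claims } : fail("scope");
}
```

In production the public key comes from the issuer's published signing keys and a maintained JWT library does these checks; the order shown (signature first, claims after) is the part to preserve.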

Next steps