Enable and configure a subscription with a JWT

  • A valid tested Service in the Unpublished or Testing status.
  • A private and public key generated by any tool in one of the following formats:
    • RSA
    • HSA (HMAC SHA)
    • ECDSA
  1. Open a version of the Service.
  2. Click Subscription settings.
    The Subscription settings panel opens.

  3. Select whether the subscription configuration should apply to all versions of the Service or only the current version.
  4. Enter a numeric value ≥ 1 and select the time unit for the subscription expiration.
  5. To automate approvals, click the Automatically approve requests toggle.
  6. For Key type, click JWT.
  7. For Maximum token TTL, enter the value and select the unit of time.
  8. For Signing algorithm, select RSA, HSA (HMAC SHA), or ECDSA.
  9. Paste the cryptographic (private) key in the Signing key field.
  10. For Verifier format, select Raw text or URL.
  11. Paste the public key to verify the digital signature in the Verifier key field.
  12. For Authentication scheme, leave the value Bearer.
  13. Click the plus icon to the right of Locations.
    1. For the first field, select whether to check for the token in the Header, Query parameters, or both.
       Note: We recommend restricting API key locations to HTTP headers only to avoid accidental leakage. Query parameters are part of the URL, which is commonly recorded in server logs and browser history.
    2. For Value, name the token. APIM 3.0 generates the token for subscribers.
  14. Click Validate & save.
    The Subscriptions tab now provides information on pending, active, and rejected subscriptions.

  15. Test the JWT by setting the Service version to Testing.
    This creates a temporary Application and generates a JWT that you can use to test.
  16. When ready to publish, change the Service version status to Public.
    In the DeveloperHub site, when a consumer selects the Service version, the Subscribe button is available.

For subscriptions that aren't automatically approved, when a consumer requests a subscription, the Subscriptions tab shows it as pending.

The Service owner or an Environment admin can use the three-dot menu to approve or reject the request.
Approved subscriptions display in the Active subscriptions table. In the DeveloperHub portal, the Service version shows the consumer that their request was approved. From the Active subscriptions table, use the three-dot menu to revoke or renew a subscription.

APIM 3.0 DeveloperHub portal describes how consumers request subscriptions and obtain the key.
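
The following is an added example, not APIM 3.0 code: it shows the checks a receiving service can apply to a token issued under the settings in the procedure above (HMAC signing, Bearer scheme, header location, maximum TTL). It assumes HS256, the standard `iat` and `exp` claims, and that the maximum TTL bounds `exp - iat`; `DEMO_KEY`, `mint` and `verify` are hypothetical names.

```python
import base64, hashlib, hmac, json

DEMO_KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample value

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def mint(key: bytes, claims: dict) -> str:
    """Issue an HS256 JWT; stands in for the token the platform generates."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(sign(key, head + '.' + body))}"

def verify(headers: dict, key: bytes, max_ttl: int, now: int) -> dict:
    """Return the claims, or raise ValueError naming the check that failed."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise ValueError("no Bearer token in header")
    head, body, sig = token.split(".")
    try:
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        got = b64url_decode(sig)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("malformed token") from None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # pin the configured algorithm
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(got, sign(key, head + "." + body)):
        raise ValueError("bad signature")
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        raise ValueError("missing iat/exp")
    if exp - iat > max_ttl:  # assumed reading of "Maximum token TTL"
        raise ValueError("lifetime exceeds maximum TTL")
    if now >= exp:
        raise ValueError("token expired")
    return claims

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    token = mint(DEMO_KEY, {"sub": "demo-app", "iat": t0, "exp": t0 + 300})
    print(verify({"Authorization": "Bearer " + token}, DEMO_KEY, 600, t0 + 10))
```

For the RSA and ECDSA options the same checks apply, with the signature verified against the public key from the Verifier key field instead of a shared secret.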