Secure Azure Functions Endpoints with Access Keys

Azure Functions allows you to use keys to restrict access to your function endpoints. Unless the HTTP access level of an HTTP-triggered function is set to anonymous, requests must include an access key.
Understanding Access Keys
The scope of an access key and the actions it supports depend on its type.
Key type | Key name | Action | Description |
---|---|---|---|
Function | default or user defined | Execute specific function | Grants access only to a specific function endpoint. |
Host | default or user defined | Execute any function | Grants access to all function endpoints within a function app. |
Master | _master | Call an admin endpoint | A special host key that also provides administrative access to the runtime REST APIs in a function app. |
System | Depends on the extension | Call durable task extension APIs or extension-specific webhook | Certain extensions require a system-assigned key to access webhook endpoints. These system keys are intended for extension-specific function endpoints invoked by internal components. |
Selecting the Authentication Level
When creating an HTTP-triggered function, you must choose an authentication level. This determines whether requests require an access key. The available options typically include:
- FUNCTION – Requires a function-specific access key.
- ANONYMOUS – Allows open access with no authentication.
- ADMIN – Requires the master key for access.
During the function creation process, you may see a prompt similar to this:
Selecting FUNCTION ensures that access to the function requires a valid function key.
Checking Authorization in Code
```python
import azure.functions as func
import logging

app = func.FunctionApp()


# auth_level=FUNCTION: the runtime rejects requests that carry no valid key
# before this handler is ever called.
@app.route(route="api_test", auth_level=func.AuthLevel.FUNCTION)
def api_test(req: func.HttpRequest) -> func.HttpResponse:
    logging.info('Python HTTP trigger function processed a request.')
    return func.HttpResponse(
        "This HTTP triggered function authenticated and executed successfully",
        status_code=200,
    )
```
The `auth_level=func.AuthLevel.FUNCTION` setting ensures that the function requires authentication using a function-level access key.
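Added example, not part of the original post: a static audit of a Python v2 `function_app.py` that reports the effective auth level of every `@app.route` handler, including routes that omit `auth_level` and so inherit the app-wide `http_auth_level` passed to `func.FunctionApp` (`FUNCTION` when none is given). `SAMPLE` is constructed, and `audit_routes` and `anonymous_routes` are names chosen here.

```python
import ast

# Constructed sample, not from the page: the app-wide default is ANONYMOUS.
SAMPLE = '''
import azure.functions as func
app = func.FunctionApp(http_auth_level=func.AuthLevel.ANONYMOUS)

@app.route(route="api_test", auth_level=func.AuthLevel.FUNCTION)
def api_test(req): ...

@app.route(route="orders")
def orders(req): ...
'''


def _level(node):
    """Name of the level in `func.AuthLevel.X` or in a string literal."""
    if isinstance(node, ast.Attribute):
        return node.attr.upper()
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value.upper()
    return "UNKNOWN"


def _keywords(call):
    return {k.arg: k.value for k in call.keywords}


def audit_routes(source):
    """Map each @<app>.route(...) handler to its effective auth level."""
    tree, default, report = ast.parse(source), "FUNCTION", {}
    calls = [n for n in ast.walk(tree)
             if isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)]
    for call in calls:  # app-wide default set on func.FunctionApp(...)
        if call.func.attr == "FunctionApp" and "http_auth_level" in _keywords(call):
            default = _level(_keywords(call)["http_auth_level"])
    for fn in ast.walk(tree):
        if isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            for dec in fn.decorator_list:
                if dec in calls and dec.func.attr == "route":
                    kw = _keywords(dec)
                    report[fn.name] = _level(kw["auth_level"]) if "auth_level" in kw else default
    return report


def anonymous_routes(source):
    """Handlers that can be invoked without any access key."""
    return sorted(n for n, lvl in audit_routes(source).items() if lvl == "ANONYMOUS")
```

Running `anonymous_routes` over the real file in CI and failing the build on any unexpected name catches a route that silently became public because its decorator dropped `auth_level`.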
Sending Requests with an Access Key
When making a request to a function with authentication enabled (i.e., `auth_level=func.AuthLevel.FUNCTION`), you must include the access key in the `x-functions-key` header.
Example using curl
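```bash
# <your-function-app> and YOUR_ACCESS_KEY are placeholders for your own values.
curl -X GET "https://<your-function-app>.azurewebsites.net/api/api_test" \
  -H "x-functions-key: YOUR_ACCESS_KEY"
```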
Example using Python (Requests library)
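```python
import requests

# <your-function-app> and YOUR_ACCESS_KEY are placeholders for your own values.
url = "https://<your-function-app>.azurewebsites.net/api/api_test"
headers = {
    "x-functions-key": "YOUR_ACCESS_KEY"
}
response = requests.get(url, headers=headers, timeout=10)
print(response.status_code, response.text)
```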
This ensures that only clients with the correct access key can invoke the function.
Get your function access keys
You can get your access keys from the Azure portal.
- Sign in to the Azure portal, then search for and select Function App.
- Select the function app you want to work with.
- In the left pane, expand Functions, and then select App keys.
The App keys page appears. On this page the host keys are displayed, which can be used to access any function in the app. The system key is also displayed, which gives anyone administrator-level access to all function app APIs.