When creating an Azure Function triggered via HTTP, one way to authorize use of the function is to configure the HTTP function trigger to require the caller to provide a function key.
With the authorization set to Anonymous, as expected anyone can call it.
When set to Function Authorization, the caller needs to provide the function key either as a URL query string parameter or in a header.
The function key can be found by navigating to Manage tab as the following screenshot shows:
Once Function Authorization is enabled, if the client does not provide it correctly the function will return a 401 Unauthorized.
To supply the function key in the URL, the “code” query string parameter can be used, e.g. “https://myazurecloudfunctions.azurewebsites.net/api/SayHi?code=udXhf3pviSICFMtViW/pqmV/1Q5vLH5aMcRWXfD/q6NXk2VVxRlfYw==”.
Alternatively an “x-functions-key” header can be added containing the key as the following Postman screenshot shows:
