Protect Custom Event Topic with API Management
Azure Event Grid is a central management service for events. The service is embedded in various Azure services as an event source, meaning it emits events to an Event Grid Topic within the service. You can also create a custom Event Grid Topic to send custom events that adhere to the Event Grid or CloudEvents schema.
You can create a custom Event Grid Topic through the Azure Portal (see Azure documentation). Once the Event Grid Topic is available, the endpoint is exposed to the outside world.
The Topic Endpoint will have the following format:
The endpoint is accessible only when you provide either the access key in the aeg-sas-key request header or an aeg-sas-token in the query parameters of the request (see custom event publishing).
You can further harden the endpoint by creating a proxy for it in API Management; that is, you can change how callers authenticate to the endpoint by leveraging OAuth. An event source then has to authenticate itself before it can send an event to the Topic. Furthermore, by creating an API definition for the custom topic, you can also apply policies such as rate limiting.
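As an added illustration (not taken from the original article), an API Management policy for the proxied topic could combine the OAuth check, a rate limit, and server-side injection of the topic key. It assumes the API's backend URL is already set to the Topic Endpoint; the tenant ID, the audience, the named value eventgrid-topic-key and the limits of 100 calls per 60 seconds are placeholders chosen for this sketch.

```xml
<policies>
    <inbound>
        <base />
        <!-- Reject the request unless it carries a valid OAuth 2.0 bearer token.
             Tenant ID and audience are placeholders, not values from the article. -->
        <validate-jwt header-name="Authorization"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized"
                      require-scheme="Bearer">
            <openid-config url="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/v2.0/.well-known/openid-configuration" />
            <audiences>
                <audience>api://EVENT-PUBLISHER-API-PLACEHOLDER</audience>
            </audiences>
        </validate-jwt>

        <!-- Throttle each caller address; the limits are assumed values. -->
        <rate-limit-by-key calls="100"
                           renewal-period="60"
                           counter-key="@(context.Request.IpAddress)" />

        <!-- Do not forward the caller's bearer token to Event Grid. -->
        <set-header name="Authorization" exists-action="delete" />

        <!-- Add the topic access key on the gateway side. The key is stored as an
             API Management named value (assumed name: eventgrid-topic-key), so
             event sources never see it; "override" also discards any
             aeg-sas-key header the caller supplied. -->
        <set-header name="aeg-sas-key" exists-action="override">
            <value>{{eventgrid-topic-key}}</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

The proxy only adds protection if event sources never receive the topic key themselves, because the Topic Endpoint still accepts direct requests that carry it.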