What's the difference between Microsoft.ApiManagement/service/portalsettings and Microsoft.ApiManagement/service/portalconfigs

Question

What's the difference between the Microsoft.ApiManagement/service/portalsettings and Microsoft.ApiManagement/service/portalconfigs resources of Azure API Management?

I want to deploy some Azure API Management Developer Portal configuration using Bicep. One of items is to remove the 'Username and password' Identity Provider because we're going to use Microsoft Entra Id. But I'm not sure what to use.

I've removed the Identity Provider manually and noticed that both the enabled property in the portalsettings resource (name signup) is set to false and that the enableBasicAuth property in the portalconfigs resource is set to false.

I couldn't find anything in the documentation that explains the difference between the two resources.

Answer 1

I did a couple of test deployments and they actually seem to overlap and influence eachother.

For example:

• If you enable the enableBasicAuth property in the portalconfigs, you also enable the portalsettings with name signup and vice versa.
• If you set the terms of service text via the portalsettings resource, you also configure the terms of service text in the portalconfigs resource and vice versa.

So deploying the following Bicep, that only contains portalsettings resources, will update the portalsettings resources and also the portalconfigs resource:

resource portalsettingsSignin 'Microsoft.ApiManagement/service/portalsettings@2022-08-01' = {
  name: 'signin'
  parent: apimService
  properties: {
    enabled: true // also changes /portalconfigs/properties/signin/require
  }
}

resource portalsettingsSignup 'Microsoft.ApiManagement/service/portalsettings@2022-08-01' = {
  name: 'signup'
  parent: apimService
  properties: {
    enabled: true // also changes /portalconfigs/properties/enableBasicAuth
    termsOfService: {
      consentRequired: true // also changes /portalconfigs/properties/signup/termsOfService/requireConsent
      text: 'My Terms of Service' // also changes /portalconfigs/properties/signup/termsOfService/text
      enabled: false  // doesn't seem to change anything in /portalconfigs
    }
  }
}

And the following Bicep has the same effect as the sample above:

resource protalconfigs 'Microsoft.ApiManagement/service/portalconfigs@2022-08-01' = {
  name: 'default'
  parent: apimService
  properties: {
    enableBasicAuth: true
    signin: {
      require: true
    }
    signup: {
      termsOfService: {
        requireConsent: true
        text: 'My Terms of Service'
      }
    }
  }
}

Answer 2

Yes, there is a slight difference between PortalSettings and PortalConfigs in Azure Api Management service.

Microsoft.ApiManagement/service/portalsettings:

This mainly focusses on the user account management part like sign in and login features on the developer portal, enabling or disabling the ability for users to sign up and controlling the available methods for user authentication, such as Azure AD etc.

Microsoft.ApiManagement/service/portalconfigs:

This manages overall the configuration options on the developer portal and focusses on the authentication like enableBasicAuth.

Also, this resource provider can be used to set up the disabling of basic authentication, typically done when transitioning to alternative authentication methods. (Your scenario)

Noticed that both the enabled property in the portalsettings resource (name signup) is set to false and that the enableBasicAuth property in the portalconfigs resource is set to false:

The above observation is correct.

• Setting enabled to false in portalsettings ( signup) disables user sign-up through the developer portal.
• Setting enableBasicAuth to false in portalconfigs disables basic authentication.

I tried below sample bicep code execution for Portal Settings (user related) behavior and was succeeded as shown.

resource apima 'Microsoft.ApiManagement/service@2023-05-01-preview' existing= {
name: 'xxxapimgmt'
}
resource sett 'Microsoft.ApiManagement/service/portalsettings@2023-05-01-preview' = {
  name: 'signin'
  parent: apima
  properties: {
    enabled: true
  }
}