Authentication / Authorization

Let me provide a scenario and see if this is possible.

  1. I have an azure function that is listening to a queue to indicate a product file needs to be uploaded.
  2. When that queue triggers I want to call into a custom module to import this product file. So in this function I will trigger and http post request to a custom module that contains details of where csv is stored in blob storage for importing.

I would like to levarage the ICsvCatalogImporter and particularly the DoImportAsync method.

The issue that I am facing is the implementation of the DoImport makes use of

var authorizationResult = await _authorizationService.AuthorizeAsync(User, criteria, new CatalogAuthorizationRequirement(CatalogModuleConstants.Security.Permissions.Update));

Since I am invoking an api call from a function, I would not be an authenticated user and have all the tokens.

Is there a mechanism to invoke and api method in a custom module in which it thinks the request is coming from some type of admin or know user?


To invoke api method, you should create API key, create role and grant access to specific permissions

Then check that API is available via Swagger pannel