Microsoft Azure API Management · Arazzo Workflow

Azure API Management Rotate Subscription Keys

Version 1.0.0

Confirm a subscription, regenerate both keys, then retrieve the new secrets.

1 workflow 1 source API 1 provider
View Spec View on GitHub A2AAI GatewayAPI CenterAPI GatewayAPI ManagementEnterpriseMCPMicrosoft AzureArazzoWorkflows

Provider

microsoft-azure-api-management

Workflows

rotate-subscription-keys
Regenerate both subscription keys and return the new secrets.
Confirms the subscription, regenerates the primary and secondary keys, then lists the secrets to surface the rotated keys.
4 steps inputs: resourceGroupName, serviceName, sid, subscriptionId outputs: primaryKey, secondaryKey
1
getSubscription
Subscription_Get
Read the subscription to confirm it exists before rotating its keys.
2
regeneratePrimary
Subscription_RegeneratePrimaryKey
Regenerate the primary subscription key.
3
regenerateSecondary
Subscription_RegenerateSecondaryKey
Regenerate the secondary subscription key.
4
getSecrets
Subscription_ListSecrets
Retrieve the rotated primary and secondary keys.

Source API Descriptions

openapi
azureApiManagementApi https://raw.githubusercontent.com/api-evangelist/microsoft-azure-api-management/refs/heads/main/openapi/microsoft-azure-api-management-rest-api-openapi.yaml

Arazzo Workflow Specification

microsoft-azure-api-management-rotate-subscription-keys-workflow.yml Raw ↑ 
arazzo: 1.0.1
info:
  title: Azure API Management Rotate Subscription Keys
  summary: Confirm a subscription, regenerate both keys, then retrieve the new secrets.
  description: >-
    Rotates the credentials on an existing subscription. The workflow reads the
    subscription to confirm it exists, regenerates the primary key and then the
    secondary key, and finally retrieves the new secrets so they can be
    distributed. Every step spells out its request inline so the flow can be
    read and executed without opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: azureApiManagementApi
  url: ../openapi/microsoft-azure-api-management-rest-api-openapi.yaml
  type: openapi
workflows:
- workflowId: rotate-subscription-keys
  summary: Regenerate both subscription keys and return the new secrets.
  description: >-
    Confirms the subscription, regenerates the primary and secondary keys, then
    lists the secrets to surface the rotated keys.
  inputs:
    type: object
    required:
    - subscriptionId
    - resourceGroupName
    - serviceName
    - sid
    properties:
      subscriptionId:
        type: string
        description: The Azure subscription identifier.
      resourceGroupName:
        type: string
        description: The resource group containing the service.
      serviceName:
        type: string
        description: The API Management service name.
      sid:
        type: string
        description: The subscription identifier whose keys are rotated.
  steps:
  - stepId: getSubscription
    description: >-
      Read the subscription to confirm it exists before rotating its keys.
    operationId: Subscription_Get
    parameters:
    - name: subscriptionId
      in: path
      value: $inputs.subscriptionId
    - name: resourceGroupName
      in: path
      value: $inputs.resourceGroupName
    - name: serviceName
      in: path
      value: $inputs.serviceName
    - name: sid
      in: path
      value: $inputs.sid
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      subscriptionResourceId: $response.body#/id
  - stepId: regeneratePrimary
    description: >-
      Regenerate the primary subscription key.
    operationId: Subscription_RegeneratePrimaryKey
    parameters:
    - name: subscriptionId
      in: path
      value: $inputs.subscriptionId
    - name: resourceGroupName
      in: path
      value: $inputs.resourceGroupName
    - name: serviceName
      in: path
      value: $inputs.serviceName
    - name: sid
      in: path
      value: $inputs.sid
    successCriteria:
    - condition: $statusCode == 200
  - stepId: regenerateSecondary
    description: >-
      Regenerate the secondary subscription key.
    operationId: Subscription_RegenerateSecondaryKey
    parameters:
    - name: subscriptionId
      in: path
      value: $inputs.subscriptionId
    - name: resourceGroupName
      in: path
      value: $inputs.resourceGroupName
    - name: serviceName
      in: path
      value: $inputs.serviceName
    - name: sid
      in: path
      value: $inputs.sid
    successCriteria:
    - condition: $statusCode == 200
  - stepId: getSecrets
    description: >-
      Retrieve the rotated primary and secondary keys.
    operationId: Subscription_ListSecrets
    parameters:
    - name: subscriptionId
      in: path
      value: $inputs.subscriptionId
    - name: resourceGroupName
      in: path
      value: $inputs.resourceGroupName
    - name: serviceName
      in: path
      value: $inputs.serviceName
    - name: sid
      in: path
      value: $inputs.sid
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      primaryKey: $response.body#/primaryKey
      secondaryKey: $response.body#/secondaryKey
  outputs:
    primaryKey: $steps.getSecrets.outputs.primaryKey
    secondaryKey: $steps.getSecrets.outputs.secondaryKey