You provide an Azure API Management managed web service to clients. The back-end web service implements HTTP Strict Transport Security (HSTS).
Every request to the backend service must include a valid HTTP authorization header.
You need to configure the Azure API Management instance with an authentication policy.
Which two policies can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Basic Authentication
B. Digest Authentication
C. Certificate Authentication
D. OAuth Client Credential Grant
A, C
https://learn.microsoft.com/en-us/azure/api-management/api-management-policies#authentication-policies