You provide an Azure API Management managed web service to clients. The back-end web service implements HTTP Strict Transport Security (HSTS).
Every request to the backend service must include a valid HTTP authorization header.
You need to configure the Azure API Management instance with an authentication policy.
Which two policies can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. OAuth Client Credential Grant
B. Basic Authentication
C. Certificate Authentication
D. Digest Authentication
correct is BC – https://docs.microsoft.com/en-us/azure/api-management/api-management-authentication-policies