API key authentication

[Benjiiim]

Following the question in the last community standup with @JerryNixon, @yorek and @seantleonard, I'm creating the discussion here. Please let me know if I should create an Issue or something instead. :-)

What about implementing a simple API key authentication (based on a API key such as x-api-key in the header) in DAB?

The simplicity of API Key Authentication make it very popular out there. I'm aware that API key authentication is not the most secure authentication mechanism but its simplicity can help in various scenarios: server to server communication, read-only APIs, public facing APIs, non critical APIs, ...

One workaround is to have Azure API Management in front of DAB to handle the API key authentication thanks to the subscription key feature. The communication between APIM and DAB can be secured through Azure AD/Entra ID authentication thanks to APIM Managed Identity.