Hi @Thomas Van den Bossche Greetings! Welcome to Microsoft Q&A forum. Thank you for posting this question here.
I see the third scenario is a bit confusing. Based on the information you've given, I'll make the following assumptions. Let me know if anything needs to be adjusted.
- v0 endpoint has subscription required is unchecked at API scope.
- It is not part of any product.
- You are providing a subscription key associated with a product in scenario 3 (that V1 is part of, but it doesn't really matter in this case)
Given these assumptions, when you make a request to the v0 endpoint with a subscription key, APIM verifies if the provided key is -
- A subscription scoped to the API - Not applicable.
- A subscription scoped to all APIs - Not applicable.
- The service-scoped subscription (built-in all access subscription) - Not applicable.
- A subscription scoped to a product that's assigned to the API - This condition fails; given that subscription key belongs to a product which this API isn't a part of - This is why you get an access denied error.
Yet, when you send the same request without the subscription key, the following checks occur -
- Check first for the existence of a product that includes the API but doesn't require a subscription (an open product) - Let's assume you don't have an open product.
- If an open product including the API isn't found, check whether the API requires a subscription. If a subscription isn't required, handle the request in the context of that API and operation - This condition is met successfully, allowing the request to proceed..
If the response helped, please do click Accept Answer and Yes for the answer provided. Doing so would help other community members with similar issue identify the solution. I highly appreciate your contribution to the community.