kevinhillinger/api-app-manifest.json

## api-app-manifest.json
{
	"id": "f54fd36e-57c8-4408-a870-3ef2b3b4b685",
	"acceptMappedClaims": null,
	"accessTokenAcceptedVersion": null,
	"addIns": [],
	"allowPublicClient": null,
	"appId": "da66ee7b-d762-4e19-8d7c-66a9974baeab",
	"appRoles": [
		{
			"allowedMemberTypes": [
				"Application"
			],
			"description": "Application permission to do something",
			"displayName": "API Permission",
			"id": "3ea51f40-2ad7-4e79-aa18-12c45156dc6a",
			"isEnabled": true,
			"lang": null,
			"origin": "Application",
			"value": "contributor"
		}
	],
	"oauth2AllowUrlPathMatching": false,
	"createdDateTime": "2019-10-24T15:18:13Z",
	"groupMembershipClaims": null,
	"identifierUris": [
		"api://da66ee7b-d762-4e19-8d7c-66a9974baeab"
	],
	"informationalUrls": {
		"termsOfService": null,
		"support": null,
		"privacy": null,
		"marketing": null
	},
	"keyCredentials": [],
	"knownClientApplications": [],
	"logoUrl": null,
	"logoutUrl": null,
	"name": "Secured API",
	"oauth2AllowIdTokenImplicitFlow": false,
	"oauth2AllowImplicitFlow": false,
	"oauth2Permissions": [],
	"oauth2RequirePostResponse": false,
	"optionalClaims": null,
	"orgRestrictions": [],
	"parentalControlSettings": {
		"countriesBlockedForMinors": [],
		"legalAgeGroupRule": "Allow"
	},
	"passwordCredentials": [],
	"preAuthorizedApplications": [],
	"publisherDomain": "microsoft.onmicrosoft.com",
	"replyUrlsWithType": [],
	"requiredResourceAccess": [
		{
			"resourceAppId": "00000003-0000-0000-c000-000000000000",
			"resourceAccess": [
				{
					"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
					"type": "Scope"
				}
			]
		}
	],
	"samlMetadataUrl": null,
	"signInUrl": null,
	"signInAudience": "AzureADMyOrg",
	"tags": [],
	"tokenEncryptionKeyId": null
}

## apim_policy.xml
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
    <openid-config url="https://login.microsoftonline.com/contoso.onmicrosoft.com/.well-known/openid-configuration" />
    <audiences>
        <audience>api://f54fd36e-57c8-4408-a870-3ef2b3b4b685</audience>
    </audiences>
    <required-claims>
        <claim name="roles" match="all">
            <value>contributor</value>
        </claim>
    </required-claims>
</validate-jwt>
	{
	"id": "f54fd36e-57c8-4408-a870-3ef2b3b4b685",
	"acceptMappedClaims": null,
	"accessTokenAcceptedVersion": null,
	"addIns": [],
	"allowPublicClient": null,
	"appId": "da66ee7b-d762-4e19-8d7c-66a9974baeab",
	"appRoles": [
	{
	"allowedMemberTypes": [
	"Application"
	],
	"description": "Application permission to do something",
	"displayName": "API Permission",
	"id": "3ea51f40-2ad7-4e79-aa18-12c45156dc6a",
	"isEnabled": true,
	"lang": null,
	"origin": "Application",
	"value": "contributor"
	}
	],
	"oauth2AllowUrlPathMatching": false,
	"createdDateTime": "2019-10-24T15:18:13Z",
	"groupMembershipClaims": null,
	"identifierUris": [
	"api://da66ee7b-d762-4e19-8d7c-66a9974baeab"
	],
	"informationalUrls": {
	"termsOfService": null,
	"support": null,
	"privacy": null,
	"marketing": null
	},
	"keyCredentials": [],
	"knownClientApplications": [],
	"logoUrl": null,
	"logoutUrl": null,
	"name": "Secured API",
	"oauth2AllowIdTokenImplicitFlow": false,
	"oauth2AllowImplicitFlow": false,
	"oauth2Permissions": [],
	"oauth2RequirePostResponse": false,
	"optionalClaims": null,
	"orgRestrictions": [],
	"parentalControlSettings": {
	"countriesBlockedForMinors": [],
	"legalAgeGroupRule": "Allow"
	},
	"passwordCredentials": [],
	"preAuthorizedApplications": [],
	"publisherDomain": "microsoft.onmicrosoft.com",
	"replyUrlsWithType": [],
	"requiredResourceAccess": [
	{
	"resourceAppId": "00000003-0000-0000-c000-000000000000",
	"resourceAccess": [
	{
	"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
	"type": "Scope"
	}
	]
	}
	],
	"samlMetadataUrl": null,
	"signInUrl": null,
	"signInAudience": "AzureADMyOrg",
	"tags": [],
	"tokenEncryptionKeyId": null
	}
	<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
	<openid-config url="https://login.microsoftonline.com/contoso.onmicrosoft.com/.well-known/openid-configuration" />
	<audiences>
	<audience>api://f54fd36e-57c8-4408-a870-3ef2b3b4b685</audience>
	</audiences>
	<required-claims>
	<claim name="roles" match="all">
	<value>contributor</value>
	</claim>
	</required-claims>
	</validate-jwt>