services / Azure / API Management credential-manager authorization (connection)
An Authorization (connection) is a stored credential-manager record holding the OAuth access/refresh tokens (or client-credential secret) that APIM uses to call an OAuth-protected backend identity on the caller's behalf.
The stored tokens are encrypted and write-only: they are never returned by read/list APIs and are usable only at runtime through the get-authorization-context policy. Read operations expose only connection metadata/status.
Microsoft.ApiManagement/service/authorizationProviders/authorizations/delete
Deleting an authorization destroys the stored OAuth token/credential connection and breaks the backend access that dependent APIs rely on, which denies service to authorized operations.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Contributed by P0 Security