review

Author: dlepow

articles/api-center/authorize-api-access.md

@@ -43,9 +43,18 @@ For an API that supports API key authentication, complete the following steps.
 
 ### 1. Store API key in Azure Key Vault
 
-Store the API key in Azure Key Vault, and access the key vault using your API center's managed identity. 
+To store the API key as a secret in the key vault, see [Set and retrieve secret in Key Vault](/azure/key-vault/secrets/quick-create-portal).
 
-[!INCLUDE [store-secret-key-vault](includes/store-secret-key-vault.md)]
+Access the key vault using your API center's managed identity. 
+
+
+#### Enable a managed identity in your API center
+
+[!INCLUDE [enable-managed-identity](includes/enable-managed-identity.md)]
+
+#### Assign the managed identity the Key Vault Secrets User role
+
+[!INCLUDE [configure-managed-identity-kv-secret-user](includes/configure-managed-identity-kv-secret-user.md)]
 
 
 ### 2. Add API key configuration
@@ -103,9 +112,18 @@ When configuring OAuth 2.0 in your API center, you need the following values fro
 
 ### 2. Store client secret in Azure Key Vault
 
-Store the secret in Azure Key Vault. Access the key vault using your API center's managed identity. 
+To store the client secret in the key vault, see [Set and retrieve secret in Key Vault](/azure/key-vault/secrets/quick-create-portal).
+
+Access the key vault using your API center's managed identity. 
+
+
+#### Enable a managed identity in your API center
+
+[!INCLUDE [enable-managed-identity](includes/enable-managed-identity.md)]
+
+#### Assign the managed identity the Key Vault Secrets User role
 
-[!INCLUDE [store-secret-key-vault](includes/store-secret-key-vault.md)]
+[!INCLUDE [configure-managed-identity-kv-secret-user](includes/configure-managed-identity-kv-secret-user.md)]
 
 ### 3. Add OAuth 2.0 configuration
 
@@ -134,9 +152,9 @@ Store the secret in Azure Key Vault. Access the key vault using your API center'
 
 1. Select **Create** to save the configuration.
 
-### Option 3: Configure settings for another HTTP security scheme
+## Option 3: Configure settings for another HTTP security scheme
 
-For APIs that use another HTTP security scheme, such as Basic authentication or bearer tokens that don't use OAuth 2.0, complete the following steps. You might need to choose this for legacy APIs. 
+For APIs that use another HTTP security scheme, such as Basic authentication or bearer tokens that don't use OAuth 2.0, complete the following steps. You might need to choose this option for legacy APIs. 
 
 In the [portal](https://azure.microsoft.com), go to your API center.
 1. Under **Governance**, select **Authorization (preview)** > **+ Add configuration**.
@@ -147,9 +165,9 @@ In the [portal](https://azure.microsoft.com), go to your API center.
     | **Title**              | Enter a name for the authorization.                                                |
     | **Description**        | Optionally, enter a description for the authorization.                  |
     | **Security scheme**    | Select **HTTP**.           |
-    | **Authentication scheme**    | Select the authentication scheme used by the API. Examples include the schemes in the following table |
+    | **Authentication scheme**    | Select the authentication scheme used by the API. Examples include the schemes in the following table. |
 
-    | Scheme | Description |
+    | Authentication scheme | Description |
     |---|---|
     | **Basic** | Sends `username:password` as a Base64-encoded string in the `Authorization: Basic <credentials>` header.  |
     | **Bearer** | Sends a token other than an OAuth 2.0 access token in the `Authorization: Bearer <token>` header.  |

articles/api-center/build-register-apis-vscode-extension.md

@@ -76,4 +76,5 @@ To allow import of APIs, assign your API center's managed identity the **Key Vau
         --assignee-object-id $apicObjID `
         --assignee-principal-type ServicePrincipal `
         --scope $scope 
+    ```
 ---

articles/api-center/includes/configure-managed-identity-kv-secret-user.md

@@ -11,8 +11,6 @@ ms.date: 12/20/2024
 ms.custom: Include file
 ---
 
-## Enable a managed identity in your API center
-
 For this scenario, your API center uses a [managed identity](/entra/identity/managed-identities-azure-resources/overview) to access Azure resources. Depending on your needs, enable either a system-assigned or one or more user-assigned managed identities. 
 
 The following examples show how to enable a system-assigned managed identity by using the Azure portal or the Azure CLI. At a high level, configuration steps are similar for a user-assigned managed identity. 

articles/api-center/includes/enable-managed-identity.md

@@ -14,27 +14,11 @@ ms.custom: Include file
 
 To store the API key as a secret in the key vault, see [Set and retrieve secret in Key Vault](/azure/key-vault/secrets/quick-create-portal).
 
-#### Enable a managed identity in your API center
 
-For this scenario, your API center uses a [managed identity](/entra/identity/managed-identities-azure-resources/overview) to access the key vault. Depending on your needs, enable either a system-assigned or one or more user-assigned managed identities. 
+### Enable a managed identity in your API center
 
-The following example shows how to enable a system-assigned managed identity by using the Azure portal. At a high level, configuration steps are similar for a user-assigned managed identity. 
+[!INCLUDE [enable-managed-identity](includes/enable-managed-identity.md)]
 
+### Assign the managed identity the Key Vault Secrets User role
 
-1. In the [portal](https://azure.microsoft.com), navigate to your API center.
-1. In the left menu, under **Security**, select **Managed identities**.
-1. Select **System assigned**, and set the status to **On**.
-1. Select **Save**.
-
-#### Assign the Key Vault Secrets User role to the managed identity
-
-Assign your API center's managed identity the **Key Vault Secrets User** role in your key vault. The following steps use the Azure portal.
-
-1. In the [portal](https://azure.microsoft.com), navigate to your key vault.
-1. In the left menu, select **Access control (IAM)**.
-1. Select **+ Add** > **Add role assignment**.
-1. On the **Add role assignment** page, set the values as follows: 
-    1. On the **Role** tab, select **Key Vault Secrets User**.
-    1. On the **Members** tab, in **Assign access to**, select **Managed identity** > **+ Select members**.
-    1. On the **Select managed identities** page, select the system-assigned managed identity of your API center that you added in the previous section. Click **Select**.
-    1. Select **Review + assign** twice.
+[!INCLUDE [configure-managed-identity-kv-secret-user](includes/configure-managed-identity-kv-secret-user.md)]

articles/api-center/includes/store-secret-key-vault.md

@@ -53,9 +53,11 @@ API Management APIs automatically synchronize to the API center whenever existin
     > [!NOTE]
     > You can run Azure CLI command examples in this article in PowerShell or a bash shell. Where different variable syntax is required, the article provides separate command examples for the two shells.
 
+## Enable a managed identity in your API center
+
 [!INCLUDE [enable-managed-identity](includes/enable-managed-identity.md)]
 
-## Assign the managed identity the API Management Service Reader role
+### Assign the managed identity the API Management Service Reader role
 
 [!INCLUDE [configure-managed-identity-apim-reader](includes/configure-managed-identity-apim-reader.md)]
 

articles/api-center/synchronize-api-management-apis.md

@@ -83,10 +83,11 @@ Manually upload and securely store the two IAM user access keys in Azure Key Vau
 
 Take note of the **Secret identifier** of each secret, a URI similar to `https://<key-vault-name>.vault.azure.net/secrets/<secret-name>`. You use these identifiers in the next steps.
 
+## Configure a managed identity for your API center
 
 [!INCLUDE [enable-managed-identity](includes/enable-managed-identity.md)]
 
-## Assign the managed identity the Key Vault Secrets User role
+### Assign the managed identity the Key Vault Secrets User role
 
 [!INCLUDE [configure-managed-identity-kv-secret-user](includes/configure-managed-identity-kv-secret-user.md)]