By default, your registered APIs are public and don’t require API key authentication. You can allow API keys to govern access to an API and all its resources by making the API private. By doing so, you improve the protection of your API and gain control over quota settings. If you wish, you can still make individual resources public within your registered private API.
API privacy is closely related to API keys. When you specify an endpoint or resource as private, your API consumers can access that endpoint or resource only if they identify with an appropriate API key. You associate collections of API keys with specific private endpoints and resources in the API Keys and Traffic Management application by selecting appropriate elements in a key collection’s access control list.
Because API privacy relies on API key implementation, to use this feature you must first specify the API key location on the API registration page.