I am publishing our APIs by the Portal and setting the security to use API Key.
However, the auto generated policy that validate the API Key gets the Key only from the query parameter.
Is there a way to change the auto generated policy to get the Key from the header (without to do it mannualy by Policy Manager)?
For our scenario this is a security issue, because the API Key can be easily captured when it is used as a query parameter.
Thanks in advance!