Document Intelligence Guide
This guide explains how to call Azure Document Intelligence through the platform gateway, including the one configuration change that usually surprises developers: the software development kit must send the subscription key in the header name expected by the platform gateway.
Software Development Kit Configuration Required
When you use Azure Document Intelligence client libraries through the platform gateway, configure them to send
When you use Azure Document Intelligence client libraries through the platform gateway, configure them to send
api-key instead of the default Ocp-Apim-Subscription-Key header.
API Key Header Configuration
Why api-key?
The platform uses a single Azure gateway service for application programming interfaces in front of several services, including language models, document processing, search, and storage. Because that gateway can only use one subscription key header name consistently, the documentation standardises on api-key.
The platform uses api-key because:
- SDK Compatibility: OpenAI SDK and other AI service libraries expect
api-key - Industry Standard:
api-keyis a more widely recognized header name than APIM-specific headers - Developer Experience: Reduces confusion by using a consistent, familiar header across all services
Default Behavior vs Required Behavior:
| SDK | Default Header | APIM Expected Header |
|---|---|---|
| Azure Document Intelligence SDK | Ocp-Apim-Subscription-Key |
api-key |
| Azure OpenAI SDK | api-key |
api-key ✓ |
SDK Configuration Examples
JavaScript/TypeScript (@azure-rest/ai-document-intelligence)
When using the @azure-rest/ai-document-intelligence npm package, configure the client to use api-key header:
import DocumentIntelligence from "@azure-rest/ai-document-intelligence";
const endpoint = "https://apim-gateway.azure-api.net/tenant/documentintelligence";
const apiKey = "your-apim-subscription-key";
// Configure client with custom API key header name
const client = DocumentIntelligence(endpoint, { key: apiKey }, {
credentials: {
apiKeyHeaderName: "api-key", // Override default "Ocp-Apim-Subscription-Key"
},
});
// Use the client normally
const result = await client.path("/documentModels/{modelId}:analyze", "prebuilt-read")
.post({
contentType: "application/json",
body: {
urlSource: "https://example.com/document.pdf"
}
});
Key Point
The
The
apiKeyHeaderName configuration tells the SDK to send the subscription key using the api-key header instead of the default Ocp-Apim-Subscription-Key.
Python (azure-ai-documentintelligence)
from azure.ai.documentintelligence import DocumentIntelligenceClient
from azure.core.credentials import AzureKeyCredential
from azure.core.pipeline.policies import HeadersPolicy
endpoint = "https://apim-gateway.azure-api.net/tenant/documentintelligence"
api_key = "your-apim-subscription-key"
# Create custom headers policy to use api-key header
headers_policy = HeadersPolicy()
headers_policy.add_header("api-key", api_key)
# Create client with custom policy
client = DocumentIntelligenceClient(
endpoint=endpoint,
credential=AzureKeyCredential(api_key),
headers_policy=headers_policy
)
# Alternatively, use custom header directly in requests
# Note: Some SDK versions may require different configuration approaches
Python SDK Note
The Python SDK's approach to custom headers may vary by version. Check the SDK documentation for your specific version. Some versions may require setting headers differently or may not support custom API key header names. In such cases, use direct REST API calls with the
The Python SDK's approach to custom headers may vary by version. Check the SDK documentation for your specific version. Some versions may require setting headers differently or may not support custom API key header names. In such cases, use direct REST API calls with the
requests library.
.NET (Azure.AI.DocumentIntelligence)
using Azure;
using Azure.AI.DocumentIntelligence;
using Azure.Core.Pipeline;
string endpoint = "https://apim-gateway.azure-api.net/tenant/documentintelligence";
string apiKey = "your-apim-subscription-key";
// Create client options with custom header
var options = new DocumentIntelligenceClientOptions();
options.AddPolicy(new AddHeaderPolicy("api-key", apiKey), HttpPipelinePosition.PerCall);
// Create client
var client = new DocumentIntelligenceClient(
new Uri(endpoint),
new AzureKeyCredential(apiKey),
options
);
// Custom policy to add api-key header
public class AddHeaderPolicy : HttpPipelineSynchronousPolicy
{
private readonly string _headerName;
private readonly string _headerValue;
public AddHeaderPolicy(string headerName, string headerValue)
{
_headerName = headerName;
_headerValue = headerValue;
}
public override void OnSendingRequest(HttpMessage message)
{
message.Request.Headers.Add(_headerName, _headerValue);
}
}
Direct REST API (curl)
If SDK configuration is complex or unavailable, use direct REST API calls:
# Analyze document with prebuilt-read model
curl -X POST "https://apim-gateway.azure-api.net/tenant/documentintelligence/documentModels/prebuilt-read:analyze?api-version=2024-07-31-preview" \
-H "api-key: your-apim-subscription-key" \
-H "Content-Type: application/json" \
-d '{
"urlSource": "https://example.com/document.pdf"
}'
# Alternative: Use query parameter
curl -X POST "https://apim-gateway.azure-api.net/tenant/documentintelligence/documentModels/prebuilt-read:analyze?api-version=2024-07-31-preview&api-key=your-apim-subscription-key" \
-H "Content-Type: application/json" \
-d '{
"urlSource": "https://example.com/document.pdf"
}'
Async Operations & Polling
Document Intelligence async operations (document analysis, model training) return a 202 Accepted response with an Operation-Location header for status polling.
Automatic Header Rewrite
APIM automatically rewrites the Operation-Location header to point back through the APIM gateway instead of directly to the Document Intelligence backend.
Example transformation:
Backend returns:
Operation-Location: https://tenant-docint.cognitiveservices.azure.com/documentintelligence/documentModels/prebuilt-read/analyzeResults/abc123
APIM rewrites to:
Operation-Location: https://apim-gateway.azure-api.net/tenant/documentintelligence/documentModels/prebuilt-read/analyzeResults/abc123
Why this matters:
- SDKs automatically poll the
Operation-LocationURL - Polling continues through APIM with consistent authentication
- No special SDK configuration needed for polling
- Works transparently with Document Intelligence SDK polling logic
Troubleshooting
| Issue | Cause | Solution |
|---|---|---|
| 401 Unauthorized | SDK sending Ocp-Apim-Subscription-Key instead of api-key |
Configure SDK to use api-key header as shown in examples above |
| 403 Forbidden | Invalid or expired APIM subscription key | Verify subscription key is valid in APIM portal |
| Polling fails after initial request | Operation-Location header not being rewritten (rare) |
Verify tenant API policy includes Operation-Location rewrite logic in <outbound> section |
| SDK throws "Invalid endpoint" error | Endpoint URL must include /tenant/documentintelligence path |
Use full APIM path: https://apim-gateway.azure-api.net/tenant/documentintelligence |
Additional Resources
- Azure Document Intelligence Documentation
- @azure-rest/ai-document-intelligence npm package
- azure-ai-documentintelligence Python package
- Azure.AI.DocumentIntelligence NuGet package
For APIM Technical Details
See the APIM Policy README for information about Operation-Location header rewriting, subscription key normalization, and other APIM policy behaviors.
See the APIM Policy README for information about Operation-Location header rewriting, subscription key normalization, and other APIM policy behaviors.