Polysync Service Principal ⭐ (recommended) — no extra attributes;
ensure the Polysync Enterprise Application has access to invoke the
Function App via Entra ID authentication.
Service Principal — Tenant Id, Client Id, Client Secret. Use
when you need a dedicated SPN per app. Rotate the secret regularly.
Function Key — Function Key (host or per-function key). Simple but
bypasses Entra ID; rotate when leaked.
Permissions checklist
Identity-based auth requires the Function App to have App Service
Authentication configured to accept Entra tokens, and the identity to
hold the Website Contributor (or a custom invoke) role.
For Function Key auth, store the key in a Secret Vault and reference it
rather than pasting it into the Platform attributes.