I'm laying down the architecture for a Web Api that will be open to third parties on a subscription basis, and the third party's own IoT Devices will need to publish events "directly" to my own Azure Event Hub.
Naturally, I have to restrict which IoT devices are capable of directly publishing to my Event Hub, and therefore in my Developer API in my own customer portal, I will have to auto-generate custom access code snippets - and perhaps even provide a library - that will enable them to publish events directly to my own Event Hub, but which will restrict the capacity to do so to those who I have authorised to have access in my developer API area and in having authorised them, given them a mechanism so that they can directly publish to my Event Hub.
I'd also need the capacity to revoke or suspend individual third party access as well.
Is it possible for me to provide Third Party Publishing Rights to my Event Hub (or any mechanism that does the job) so that DIRECT publishing access is available but restricted to my own authorised third party clients?
The alternative would be for me to channel them INDIRECTLY through my own oAuth2 Web Api and have it pipe the events to my Event Hub, but that sort-of defeats the direct 'firehose' access advantage to Azure Event Hubs as I'd have to be capable of exponentially scaling the Web Api based upon a multitude of devices worldwide, needing to publish to the Event Hub via the Web Api, every five seconds?
And naturally, in addition to 'is it possible', given that it is, then 'how'?