diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 9f9fe80..4b05b45 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -9,6 +9,9 @@ on:
       resourceGroupName:
         required: true
         type: string
+      reviewApiUrl:
+        required: true
+        type: string
     secrets:
       AZURE_CLIENT_ID:
         required: true
@@ -16,6 +19,8 @@ on:
         required: true
       AZURE_SUBSCRIPTION_ID:
         required: true
+      reviewApiKey:
+        required: true
 
 jobs:
   validate:
@@ -37,6 +42,8 @@ jobs:
          template: ./deploy/main.bicep
          parameters: >
            environmentType=${{ inputs.environmentType }}
+           reviewApiUrl=${{ inputs.reviewApiUrl }}
+           reviewApiKey=${{ secrets.reviewApiKey }}
          deploymentMode: Validate
      - if: inputs.environmentType == 'Production'
        uses: azure/arm-deploy@v1
@@ -47,6 +54,8 @@ jobs:
          template: ./deploy/main.bicep
          parameters: >
            environmentType=${{ inputs.environmentType }}
+           reviewApiUrl=${{ inputs.reviewApiUrl }}
+           reviewApiKey=${{ secrets.reviewApiKey }}
          additionalArguments: --what-if
 
   deploy:
@@ -73,6 +82,8 @@ jobs:
         template: ./deploy/main.bicep
         parameters: >
           environmentType=${{ inputs.environmentType }}
+          reviewApiUrl=${{ inputs.reviewApiUrl }}
+          reviewApiKey=${{ secrets.reviewApiKey }}
 
   smoke-test:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index f61bdf8..907d298 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -23,10 +23,12 @@ jobs:
     with:
       environmentType: Test
       resourceGroupName: ToyWebsiteTest
+      reviewApiUrl: https://sandbox.contoso.com/reviews
     secrets:
       AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_TEST }}
       AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
       AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      reviewApiKey: ${{ secrets.REVIEW_API_KEY_TEST }}
 # Deploy to the production environment.
   deploy-production:
     uses: ./.github/workflows/deploy.yml
@@ -34,7 +36,9 @@ jobs:
     with:
       environmentType: Production
       resourceGroupName: ToyWebsiteProduction
+      reviewApiUrl: https://api.contoso.com/reviews
     secrets:
       AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_PRODUCTION }}
       AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
\ No newline at end of file
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      reviewApiKey: ${{ secrets.REVIEW_API_KEY_TEST }}
\ No newline at end of file
diff --git a/deploy/main.bicep b/deploy/main.bicep
index 8651000..806c889 100644
--- a/deploy/main.bicep
+++ b/deploy/main.bicep
@@ -12,6 +12,13 @@ param environmentType string
 @maxLength(13)
 param resourceNameSuffix string = uniqueString(resourceGroup().id)
 
+@description('The URL to the product review API.')
+param reviewApiUrl string
+
+@secure()
+@description('The API key to use when accessing the product review API.')
+param reviewApiKey string
+
 // Define the names for resources.
 var appServiceAppName = 'toy-website-${resourceNameSuffix}'
 var appServicePlanName = 'toy-website'
@@ -70,6 +77,14 @@ resource appServiceApp 'Microsoft.Web/sites@2022-03-01' = {
           name: 'APPLICATIONINSIGHTS_CONNECTION_STRING'
           value: applicationInsights.properties.ConnectionString
         }
+        {
+          name: 'ReviewApiUrl'
+          value: reviewApiUrl
+        }
+        {
+          name: 'ReviewApiKey'
+          value: reviewApiKey
+        }
       ]
     }
   }