Implement API Management

Implement API Management is part of Connect to and consume Azure services and third-party services topics. the total weight of this in the exam will be 25-30%. This training post is designed to help and provide readers with a better understanding of the topic mentioned.

Disclaimer: This is not a training article to help complete the Microsoft Azure AZ-204, but it provides a good insight and understanding of topics and subject matters within the specified. labs and hands-on work are essential to passing most Microsoft Azure exams.

Implement API Management:
API Management (APIM) Overview

Implement API Management

API Management (APIM) Overview:

API Management (APIM) helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services. Businesses everywhere are seeking to extend their operations as a digital platform, creating new channels, finding new customers, and driving deeper engagement with existing ones. API Management provides the core competencies to ensure a successful API program through developer engagement, business insights, analytics, security, and protection. You can use Azure API Management to take any backend and launch a full-fledged API program based on it.

Terminology

Backend API

An HTTP service that implements your API and its operations.

Frontend API/APIM API

An APIM API does not host APIs, it creates facades for your APIs to customize the facade according to your needs without touching the back-end API.

APIM product

A product contains one or more APIs as well as a usage quota and the terms of use. You can include several APIs and offer them to developers through the developer portal.

APIM API operation

Each APIM API represents a set of operations available to developers. Each APIM API contains a reference to the back-end service that implements the API, and its operations map to the operations implemented by the back-end service.

Version

Sometimes you want to publish new or different API features to some users, while others want to remain with the API that currently works for them.

Revision

When your API is ready to go and starts to be used by developers, you usually need to take care in making changes to that API and at the same time not to disrupt callers of your API. It’s also useful to let developers know about the changes you made.

Developer portal

Your customers (developers) should use the developer portal to access your APIs. The developer portal can be customized.

Implement API Management:
create an APIM instance

Implement API Management

Creating an API Management instance

To use API Management, administrators create APIs. Each API consists of one or more operations, and each API can be added to one or more products. To use an API, developers subscribe to a product that contains that API, and then they can call the API’s operation, subject to any usage policies that might be in effect. 

Manage using Git

Each API Management service instance maintains a configuration database that contains information about the configuration and metadata for the service instance. You can make changes to the service instance by changing a setting in the Azure portal, by using a PowerShell cmdlet, or by making a REST API call. In addition to these methods, you can also manage your service instance configuration by using Git.

When you make changes to your service by using the Azure portal, PowerShell cmdlets, or the REST API, you are managing your service configuration database by using the https://{name}.management.azure-api.net endpoint. This is depicted in the diagram on the slide. The diagram also depicts how you can manage your service configuration by using Git and the Git repository for your service, which is located at https://{name}.scm.azure-api.net.

Service hierarchy

Create and manage APIs

Each API contains one or more sets of operations

Operations are configurable, granting control over:

  • URL mapping
  • Query and path parameters
  • Request and response content
  • Operation response caching

Implement API Management:
configure authentication for APIs

Implement API Management

Subscriptions

When you publish APIs through API Management, it’s easy and common to secure access to those APIs by using subscription keys. Developers who need to consume the published APIs must include a valid subscription key in HTTP requests when they make calls to those APIs. Otherwise, the calls are rejected immediately by the API Management gateway. They aren’t forwarded to the back-end services.

To get a subscription key for accessing APIs, a subscription is required. A subscription is essentially a named container for a pair of subscription keys. Developers who need to consume the published APIs can get subscriptions. And they don’t need approval from API publishers. API publishers can also create subscriptions directly for API consumers.

Traditionally, subscriptions in API Management were always associated with a single API product scope. Developers found the list of products on the Developer portal. Then they’d submit subscription requests for the products they wanted to use. After a subscription request is approved, either automatically or by API publishers, the developer can use the keys in it to access all APIs in the product.

Client certificates

API Management provides the capability to secure access to APIs (that is, client to API Management) by using client certificates. Currently, you can check the thumbprint of a client certificate against a desired value. You can also check the thumbprint against existing certificates uploaded to API Management.

Checking the expiration date

Policies can be configured to check if the certificate is expired.

Checking the issuer and subject

Policies can be configured to check the issuer and subject of a client certificate.

API Management provides the capability to secure access to APIs (that is, client to API Management) by using client certificates. Currently, you can check the thumbprint of a client certificate against a desired value. You can also check the thumbprint against existing certificates uploaded to API Management.

Checking the thumbprint

Policies can be configured to check the thumbprint of a client certificate.

Checking a thumbprint against certificates uploaded to API Management

Policies can be configured to check the thumbprint of a client certificate against certificates uploaded to API Management.

Implement API Management:
define policies for APIs

Implement API Management

Policies

In Azure API Management (APIM), policies are a powerful capability of the system that allow the publisher to change the behavior of the API through configuration. Policies are a collection of Statements that are executed sequentially on the request or response of an API. Popular Statements include format conversion from XML to JSON and call rate limiting to restrict the amount of incoming calls from a developer. Many more policies are available out of the box.

Editing policies

The policy definition is an XML document that describes a sequence of inbound and outbound statements. The XML can be edited directly in the definition window. You can also select a predefined policy from the list that is provided to the right of the policy window. The statements applicable to the current scope are enabled and highlighted. Selecting an enabled statement adds the appropriate XML at the location of the cursor in the definition view.

Policy scopes

If you have a policy at the global level and a policy configured for an API, then whenever that particular API is used both policies will be applied. API Management allows for deterministic ordering of combined policy statements using a special <base /> element.

More topics on Connect to and consume Azure services and third-party services:

Develop an App Service Logic App

Develop event-based solutions

Develop message-based solutions

Microsoft Azure AZ-204 exam topics:

If you have covered the current topics in Connect to and consume Azure services and third-party services then you can have a look at the other topic areas:

View full documentation Microsoft Azure: AZ-204 exam content from Microsoft

Leave a Reply