top of page

Introduction to Azure API Management

Azure API Management is a reliable, secure and scalable way to publish, consume and manage API’s running on Microsoft Azure platform. Azure API Management provides all essential tools required for an end-to-end management of API’s. It ensures optimal performance of the API’s, tracks and enforces usage, authentication, and more.


It is primarily used to provide a central interface to create, provision and manage API for web and cloud applications and services. With Azure API Management user can;

  • Monitor the health of APIs, identifying errors, configure throttling, rate limits and more on each API.

  • Provides insight into the utilization of APIs

  • Creating and managing user roles and defining end to end API usage policies

  • Provides a central interface to consolidate and manage thousands of API’s across multiple platforms.

  • Provide an authentication and access control mechanism to manage and ensure security on API access and utilization


Azure API Management Features:
  • Help protect your resources

  • Accelerate your business

  • Improve API discoverability

  • Transform your existing services

  • Help secure your APIs


Creating an Azure API Management resource

With that, let’s begin looking at deploying Azure API Management. For now, we’ll focus on deploying the Azure API Management resource. In future posts, we’ll look into setting up API Management policies to protect a set of APIs.


Navigate to the Azure Portal and search for API Management Services. Click create, so that you can begin the creation experience for an API Management resource.


To start, you’ll need to provide some basic information about your API Management instance. Several of these are as expected -

  • Subscription to deploy your API Management instance into

  • Resource Group to deploy your API Management instance into

  • Region to deploy your API Management instance into

  • Resource name of your API Management resource. This will also form part of the domain of your API management instance, e.g. {{resourcename}}.azure-api.net.

  • Organization Name which is used in the developer portal (if using an appropriate SKU) and sender of notification e-mails.

  • Administrator email where any notifications from API Management will be sent.



Create an Azure API Management Resource


Finally, you will also be prompted to choose a pricing tier for your API Management instance. There are five tiers; Consumption, Developer, Basic, Standard and Premium.


There are some tangible differences between the tiers, which are very well documented in the Azure Docs. These include Virtual Network integration and developer portal integration to name but a couple.



Showcasing the API Management Pricing Tier options


Next up, you’ll be asked to confirm whether the API Management instance should be linked with Application Insights. This allows you to enable logging of the API calls that pass through your API Management Gateway.



Associating Application Insights with the API Management Resource


The next tab in the creation experience is scale. Scaling is possible in the Basic, Standard and Premium tiers, but is unavailable in the Developer tier.


Scaling is handled automatically in the consumption tier.



Scale units are not supported for Developer or Consumption Tier API Management resources


Next up is the managed identity tab. Like many Azure Resources, it’s possible to associate a System-assigned managed identity with an API Management instance.



Enable system-assigned managed identity


Virtual Network is the next configuration item. This is not supported in the Basic, Standard or Consumption tiers.


This is supported in the Developer and Production SKUs. If you configure this option, then the API Management instance is deployed directly into the Azure Virtual Network (as opposed to a multi-tenant deployment using private endpoints, for example).



Virtual network is not supported in the Basic, Standard, and Consumption tiers.


The final API Management configuration option is to do with Protocol settings. This relates to the Client-side protocols, transport security and backend-side transport security.



Protocol settings — Client-side protocols, client-side transport security, backend-side transport security


As with the majority of Azure Resources, you can go ahead and associate Azure Resource Tags. Once you’ve reviewed the resource configuration and are comfortable, go ahead and create.



API Management Resource in the Azure Portal



Azure API Management Concepts

Before we start exploring API Management, let’s make sure we understand a few core concepts -

API Management is made up a few components, including -

  • An API Gateway which takes API calls and routes them to the appropriate backends. It may check against a series of policies along the way (e.g. transformation from one data format to another, checking authorization, enforcing rate limits/quotas, caches responses) and can logs the calls being made.

  • The Azure Portal is commonly used as the admin interface for your API Management instance. You’ll typically add/import API definitions for your API Gateway, associate these with products, manage access (e.g. by linking APIs to products, or managing user access to the developer portal),

  • The Developer Portal is the web portal/documentation area for consumers of your APIs. This is not only used for static documentation, but can also be used as a console to interact with your APIs for testing purposes.

We’ve started introducing a few concepts such as APIs, Products and more. Let’s explore those a little more thoroughly -

  • An API represents a set of operations available to developers. It’s comprised of a backend service(s), and operations that map to operations or methods in the backend service.

  • A Product is how an API is exposed to the API consumers. A product is associated with one or many APIs. Products can either be open or protected. The protected products must be subscribed to. These can be approved by administrator, or be auto approved.

  • Groups are used to manage visibility of products to consumers. There are 3 basic groups, Administrators, Developers and Guests (clearly documented here). Custom groups can also be added, as well as associating identity providers, e.g. AAD for access as well.

  • Policies are the magic behind API Management (in my opinion, anyway!). Policies allow you to define expected behaviour at an API Level, Operation Level or Product Level. Example policies include JWT authorization, transforming data format from XML to JSON, restricting calls based upon rate limiting and many many more. Policies could be a blog post in their own right, and we’ll likely explore several policies over the course of several blog posts. As such, we’ll not explore them much further in this one.



Azure API Management Alternatives & Comparisons

1. Apigee

API management, design, analytics, and security are at the heart of modern digital architecture. The Apigee intelligent API platform is a complete solution for moving business to the digital world.

2. Ocelot

It is aimed at people using .NET running a micro services / service oriented architecture that need a unified point of entry into their system. However it will work with anything that speaks HTTP and run on any platform that ASP.NET Core supports. It manipulates the HttpRequest object into a state specified by its configuration until it reaches a request builder middleware where it creates a HttpRequestMessage object which is used to make a request to a downstream service.

3. Kong

Kong is a scalable, open source API Layer (also known as an API Gateway, or API Middleware). Kong controls layer 4 and 7 traffic and is extended through Plugins, which provide extra functionality and services beyond the core platform.

4. NGINX

nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. According to Netcraft nginx served or proxied 30.46% of the top million busiest sites in Jan 2018.

5. Azure Functions

Azure Functions is an event driven, compute-on-demand experience that extends the existing Azure application platform with capabilities to implement code triggered by events occurring in virtually any Azure or 3rd party service as well as on-premises systems.



Resource: Microsoft, AzurePortals


The Tech Platform

0 comments

コメント


bottom of page