Azure API Management
API management solves API-related challenges
Connected experiences
Developers (use APIs): Consume, Developer portal
• Discover
• Learn
• Get access
• Try
• SDKs and samples
• Get help
Mediate: Gateway
Publishers (provide APIs): Publish, Azure portal
• Abstract
• Secure and protect
• Manage lifecycle
• Monitor and measure
• Onboard developers
• Monetize
APIs
Services and data
API Management
Demos
[Diagram labels: API Store; Product 1 to Product 5; API Management; Backends on Azure; Backends on premises]
There is a policy for that
Encapsulate common API management functions
Access control, Protection, Transformation, Caching, …
Mutate request context or change API behavior
Add a header or throttle for example
Set in the inbound and outbound directions
Applied at a variety of scopes or on error
Scope determines which APIs are affected
Can define custom scopes in addition to the four available by default
Composed into a pipeline from effective scopes
Degree of control over inheritance of scopes, i.e. <base/> element
Don’t delete <base/> inadvertently
http://aka.ms/apimpolicyexamples
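Policy scopes
Example request:
GET /foo/bar HTTP/1.1
Host: api.constoso.com
Key: 0123456789
Scopes matched by the request, with example policies at each:
• global: CORS, LOG
• product (Key 0123456789): RATE, QUOTA
• api (/foo): JWT
• operation (/bar): CACHE, URL, BODY
Directions:
• inbound: from caller to backend
• outbound: from backend to caller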
Policy expressions
• C# “snippets” used with policies
• Read-only access to the request context
• Can use whitelisted .NET types
• Dynamically configure and conditionally execute policies
Named values
• Shared across APIM instance
• Keep secrets and “magic” strings out of policies
• Add semantics, if named well
• Enable a single point of change
• Provide environment-specific values
API Management
Demos: Versions and Revisions
Use Revisions when
• You make a non-breaking change to your API
• You want to make changes safely
• You may want to roll back your changes
• You want to give your developer community details of your changes
Use Versions when
• You need to show developers a relationship between APIs
• You need to give developers a predictable way to switch between related APIs
• You want to add breaking changes
• You want to try out changes and solicit feedback from your community
API Management and Security
Security and protection
Developer portal (Consume, App developers): Username/Password, Microsoft account, Google account, Facebook account, Twitter account, Delegated (custom), Azure AD, Azure AD B2C
Gateway (Mediate, 1st and 3rd party apps): Key, HTTP Basic, OAuth 2 & OpenID Connect, Mutual certificate, Client certificate, Shared secret, Custom external authorizer, IP filter, VNET/NSG, Rate limits and quotas
Azure portal (Publish, API publishers): Azure account, RBAC
Other diagram labels: Internet IPs; APIs on Azure and outside
VNETs and Hybrid
[Diagram labels: Developer portal (Consume, App developers); Gateway (Mediate, 1st and 3rd party apps); Azure portal (Publish, API managers and developers); APIs on Azure and outside; VNET; VPN]
External configuration
Secure external access to private cloud and on-premises endpoints
Internal configuration
Secure internal access to private cloud and on-premises endpoints
Internal configuration with a WAF
More secure external access to private and on-premises endpoints
Secure internal access to private cloud and on-premises endpoints
Key vs JWT
Property           Key                     JWT
Credential type    Bearer                  Bearer
Token type         Reference               Self-contained
Sensitivity        Is a secret             Doesn’t contain secrets
Expiration         External, ad hoc        Built in, pre-defined
Subject            Developer and an app    End user or an app
Multi-region topologies
[Diagram labels: Primary region; Secondary region; Shared state]
Hint: use a <choose> policy to apply <set-backend-service> based on context.Deployment.Region
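The hint above written out as an API-scope policy document. This is an added example, not taken from the deck: the region names and the named values backend-url-west-us, backend-url-east-asia and backend-url-default are assumptions. It keeps <base /> in every section and takes the backend URLs from named values, as the policy and named-value slides recommend.

```xml
<policies>
    <inbound>
        <!-- Keep <base /> so policies inherited from the global and product scopes still run. -->
        <base />
        <choose>
            <!-- context.Deployment.Region is the region of the gateway handling this request. -->
            <when condition="@("West US".Equals(context.Deployment.Region, StringComparison.OrdinalIgnoreCase))">
                <!-- {{backend-url-west-us}} is an assumed named value holding that region's backend URL. -->
                <set-backend-service base-url="{{backend-url-west-us}}" />
            </when>
            <when condition="@("East Asia".Equals(context.Deployment.Region, StringComparison.OrdinalIgnoreCase))">
                <set-backend-service base-url="{{backend-url-east-asia}}" />
            </when>
            <otherwise>
                <!-- Gateways in any other region use an assumed default backend. -->
                <set-backend-service base-url="{{backend-url-default}}" />
            </otherwise>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```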
Multi-region topologies – custom TM
[Diagram labels: Primary region; Secondary region; Secondary regions; Shared state (two groups)]
We just scratched the surface
40 policies - security, transformations, traffic management, extensibility
API publishing with products, users and groups
VNET support for external and internal use cases
Multi-region deployment topologies for high-availability and performance
Azure Monitor metrics, logs and alerts
Analytics and Power BI template
Azure AD and Azure AD B2C integration
Developer portal customization
SOAP and SOAP2REST
…
Stay in touch
Questions and discussions http://aka.ms/apimso
Service updates, among other things http://aka.ms/apimblog
GitHub repo with sample policies http://aka.ms/apimpolicyexamples
Tutorial, documentation, and references http://aka.ms/apidocs
Feedback and feature requests http://aka.ms/apimwish
Roadmap http://aka.ms/apimroadmap
Customer stories http://aka.ms/apimcustomers
© Copyright Microsoft Corporation. All rights reserved.