Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AzureBootcamp2023: Azure API Management by Michael Rüefli

AzureBootcamp2023: Azure API Management by Michael Rüefli

APIs are the common endpoints for applications, allowing the consumption of services and connecting systems and users. This session will bring you up to speed with the most common and challenging problems when starting with Azure API Management. After the session, you will be enabled to kick the tires and secure your APIs.
🙂 MICHAEL RÜEFLI ⚡️ Solutions Architect @ scopewyse | Microsoft Azure MVP

More Decks by Azure Zurich User Group

Other Decks in Technology


  1. Michael Rüefli Partner | Solutions Architect scopewyse GmbH [email protected] www.miru.ch

    @drmiru drmiru About me | Tech Azure Cloud Platform & Security Security in focus, MCT (Microsoft Certified Trainer) Community worker About me | Private Father, Husband, Skydiver, Skier
  2. Agenda ▪ APIM overview ▪ Deployment models ▪ Publish your

    1st API ▪ Gotchas ▪ Security ▪ Q&A
  3. ▪ Azure API Management is a cloud-based service that enables

    organizations to create, publish, and manage APIs. ▪ With Azure API Management, organizations can secure, scale, and analyze their APIs to better serve their customers and partners. What is Azure API Management
  4. ▪ Centralize access to APIs / web services ▪ Version

    control ▪ Authentication & protection ▪ Request & response mods ▪ Performance optimization ▪ API usage tracking Typical use cases
  5. SKUs Developer Consumption Basic Standard Premium Private Endpoint Vnet Integration

    SLA Self hosted GWs Policies Availability zones Developer Portal Gitops Multiple custom domains https://learn.microsoft.com/en-us/azure/api-management/api-management-features
  6. Deployment models API Management Self hosted Gateway Backend Service API

    Management Backend Service VPN / ER private API Management Backend Service VPN / ER private App Gateway WAF private public public Backend Service Backend Service HTTPS Backend Service Cloud / Hybrid Hybrid Hybrid Secured
  7. Private networking API Management Private Endpoint Private DNS Zone subnet

    vnet Private Ingress Public Egress API Management Private DNS Zone subnet vnet Private Ingress Private Egress Backend Service Backend Service Gateway vNET Integration Private Link
  8. 1. Create an API definition 2. Create / adapt policies

    3. Create a product 4. Add API to the product 5. Publish product 6. Assign subscription to the product API Publishing
  9. ▪ CORS ▪ Rate Limiting ▪ Header ▪ validation ▪

    Manipulation ▪ Cache Policies - define what happens to calls
  10. ▪ Private Endpoint and vNet injection can't be combined ▪

    APIM delegated subnet needs to be in Hub vNet ▪ vNet integrated APIM + WAF = split DNS config Gotchas (1/2)
  11. ▪ UDR on APIM Subnet: -> NH: Internet ▪

    Changes on vNet / custom Domain config require instance reboot ~25min ▪ Using NSG on APIM subnet -> https://learn.microsoft.com/en-us/azure/api-management/api-management- using-with-vnet?tabs=stv2#configure-nsg-rules Gotchas (2/2)
  12. ▪ Use WAF in front of APIM ▪ Be strict

    giving API master keys ▪ Use JWT validation policy for AAD AuthN ▪ Pull named values (secrets) from a Key Vault ▪ Restrict trace functionality to Admins Security Good Practices API Management Networking Authentication Configuration Policies
  13. Q&A