
AzureBootcamp2023: Azure API Management by Michael Rüefli


APIs are the common endpoints for applications, allowing the consumption of services and connecting systems and users. This session will bring you up to speed with the most common and challenging problems when starting with Azure API Management. After the session, you will be enabled to kick the tires and secure your APIs.
Michael Rüefli, Solutions Architect @ scopewyse | Microsoft Azure MVP

Azure Zurich User Group

May 11, 2023


Transcript


  2. Azure API Management
    More than a façade for your APIs
    Michael Rüefli


  3. Michael Rüefli
    Partner | Solutions Architect
    scopewyse GmbH
    [email protected]
    www.miru.ch
    @drmiru
    drmiru
    About me | Tech
    Azure Cloud Platform & Security
    Security in focus, MCT (Microsoft Certified Trainer)
    Community worker
    About me | Private
    Father, Husband, Skydiver, Skier


  4. Agenda
    ▪ APIM overview
    ▪ Deployment models
    ▪ Publish your 1st API
    ▪ Gotchas
    ▪ Security
    ▪ Q&A


  5. Azure API Management overview

  6. What is APIM?
    Let's ask someone who should know ;-)

  7. What is Azure API Management
    ▪ Azure API Management is a cloud-based service that enables organizations to create, publish, and manage APIs.
    ▪ With Azure API Management, organizations can secure, scale, and analyze their APIs to better serve their customers and partners.

  8. Overview


  9. Typical use cases
    ▪ Centralize access to APIs / web services
    ▪ Version control
    ▪ Authentication & protection
    ▪ Request & response modifications
    ▪ Performance optimization
    ▪ API usage tracking

  10. Protocol support
    ▪ REST
    ▪ SOAP
    ▪ OData
    ▪ GraphQL
    ▪ WebSockets

  11. What API Management is not
    ▪ Next Gen Firewall
    ▪ Web Application Firewall
    ▪ Proxy for frontend apps

  12. SKUs
    Tiers: Developer, Consumption, Basic, Standard, Premium
    Features that differ between the tiers (the slide's feature matrix; the linked page lists which tier supports which):
    ▪ Private Endpoint
    ▪ VNet integration
    ▪ SLA
    ▪ Self-hosted gateways
    ▪ Policies
    ▪ Availability zones
    ▪ Developer Portal
    ▪ GitOps
    ▪ Multiple custom domains
    https://learn.microsoft.com/en-us/azure/api-management/api-management-features

  13. DEMO


  14. Deployment models
    Three topologies from the slide's diagram:
    ▪ Cloud / Hybrid: public API Management; public backend services reached over HTTPS, a self-hosted gateway in front of backend services that stay on-premises
    ▪ Hybrid: API Management reaches private backend services over VPN / ExpressRoute
    ▪ Hybrid Secured: public ingress only through App Gateway with WAF, API Management kept private, private backend services reached over VPN / ExpressRoute

  15. Private networking
    Two options from the slide's diagram:
    ▪ Private Link: a Private Endpoint for the Gateway in a subnet of your vNet plus a Private DNS Zone; private ingress, public egress to backend services
    ▪ vNET Integration: API Management injected into a subnet of your vNet; private ingress and private egress to backend services
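
The Private Link option above, as an added Bicep example (not code from the deck): an existing API Management instance gets a private endpoint for its Gateway sub-resource and the private DNS zone that makes the gateway hostname resolve to the private IP inside the vNet. The instance name apim-demo, the vNet vnet-hub and the subnet snet-privatelink are placeholders assumed for this example.

```bicep
// Added example, not code from the deck. Placeholders: apim-demo, vnet-hub,
// snet-privatelink. Needs a tier that supports Private Endpoint and an
// instance that is NOT vNet-injected (the two cannot be combined).
param location string = resourceGroup().location
param apimName string = 'apim-demo'
param vnetName string = 'vnet-hub'
param subnetName string = 'snet-privatelink'

resource apim 'Microsoft.ApiManagement/service@2022-08-01' existing = {
  name: apimName
}

resource vnet 'Microsoft.Network/virtualNetworks@2023-04-01' existing = {
  name: vnetName
}

resource peSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-04-01' existing = {
  parent: vnet
  name: subnetName
}

// Private DNS zone: <instance>.azure-api.net must resolve to the private IP
// inside the vNet, otherwise clients keep hitting the public gateway address.
resource dnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: 'privatelink.azure-api.net'
  location: 'global'
}

resource dnsLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: dnsZone
  name: '${vnetName}-link'
  location: 'global'
  properties: {
    registrationEnabled: false
    virtualNetwork: {
      id: vnet.id
    }
  }
}

// Private endpoint for the gateway ('Gateway' is the APIM sub-resource name)
resource apimPe 'Microsoft.Network/privateEndpoints@2023-04-01' = {
  name: 'pe-${apimName}-gateway'
  location: location
  properties: {
    subnet: {
      id: peSubnet.id
    }
    privateLinkServiceConnections: [
      {
        name: 'apim-gateway'
        properties: {
          privateLinkServiceId: apim.id
          groupIds: [
            'Gateway'
          ]
        }
      }
    ]
  }
}

// Register the endpoint's private IP in the zone automatically
resource apimPeDns 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-04-01' = {
  parent: apimPe
  name: 'default'
  properties: {
    privateDnsZoneConfigs: [
      {
        name: 'privatelink-azure-api-net'
        properties: {
          privateDnsZoneId: dnsZone.id
        }
      }
    ]
  }
}

output privateEndpointId string = apimPe.id
```

This gives the "Private Ingress, Public Egress" shape of the diagram: calls from inside the vNet land on the private IP, while the gateway still reaches backends over the public network. The public gateway address stays reachable until publicNetworkAccess is set to Disabled on the service itself, so do that as a separate step once the private path is verified.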

  16. Internal / External APIs


  17. Publishing an API


  18. API Publishing
    1. Create an API definition
    2. Create / adapt policies
    3. Create a product
    4. Add API to the product
    5. Publish product
    6. Assign subscription to the product

  19. Policies - define what happens to calls
    ▪ CORS
    ▪ Rate limiting
    ▪ Header validation
    ▪ Header manipulation
    ▪ Cache
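
The six publishing steps and the policy types above, as one added Bicep example (not code from the deck). It assumes an existing instance apim-demo in the deployment's resource group; the API, operation, product, subscription, origin and backend values are placeholders chosen for this example.

```bicep
// Added example, not code from the deck. Assumes an existing instance
// 'apim-demo'; API, product, subscription and backend values are placeholders.
param apimName string = 'apim-demo'
param backendUrl string = 'https://backend.example.com'

resource apim 'Microsoft.ApiManagement/service@2022-08-01' existing = {
  name: apimName
}

// 1. API definition with one operation (an OpenAPI import would do the same)
resource ordersApi 'Microsoft.ApiManagement/service/apis@2022-08-01' = {
  parent: apim
  name: 'orders'
  properties: {
    displayName: 'Orders API'
    path: 'orders'                // exposed as https://<gateway>/orders/...
    protocols: [ 'https' ]
    serviceUrl: backendUrl
    subscriptionRequired: true    // every call needs a subscription key
  }
}

resource listOrders 'Microsoft.ApiManagement/service/apis/operations@2022-08-01' = {
  parent: ordersApi
  name: 'list-orders'
  properties: {
    displayName: 'List orders'
    method: 'GET'
    urlTemplate: '/'
  }
}

// 2. Policies: CORS, rate limiting, header validation and manipulation, cache
resource ordersPolicy 'Microsoft.ApiManagement/service/apis/policies@2022-08-01' = {
  parent: ordersApi
  name: 'policy'
  properties: {
    format: 'rawxml'
    value: '''
<policies>
  <inbound>
    <base />
    <cors allow-credentials="false">
      <allowed-origins><origin>https://app.example.com</origin></allowed-origins>
      <allowed-methods><method>GET</method></allowed-methods>
      <allowed-headers><header>Ocp-Apim-Subscription-Key</header></allowed-headers>
    </cors>
    <rate-limit calls="100" renewal-period="60" />
    <check-header name="x-correlation-id" failed-check-httpcode="400"
                  failed-check-error-message="x-correlation-id header required" ignore-case="true" />
    <set-header name="Ocp-Apim-Subscription-Key" exists-action="delete" />
    <cache-lookup vary-by-developer="false" vary-by-developer-groups="false" />
  </inbound>
  <backend><base /></backend>
  <outbound>
    <base />
    <cache-store duration="60" />
  </outbound>
  <on-error><base /></on-error>
</policies>
'''
  }
}

// 3. + 5. Product, created directly in the published state
resource ordersProduct 'Microsoft.ApiManagement/service/products@2022-08-01' = {
  parent: apim
  name: 'orders-partners'
  properties: {
    displayName: 'Orders (partners)'
    subscriptionRequired: true
    approvalRequired: true        // an admin approves each subscription request
    subscriptionsLimit: 1
    state: 'published'
  }
}

// 4. Add the API to the product
resource ordersProductApi 'Microsoft.ApiManagement/service/products/apis@2022-08-01' = {
  parent: ordersProduct
  name: ordersApi.name
}

// 6. Subscription scoped to the product; APIM generates the two keys
resource partnerSub 'Microsoft.ApiManagement/service/subscriptions@2022-08-01' = {
  parent: apim
  name: 'partner-a-orders'
  properties: {
    displayName: 'Partner A'
    scope: ordersProduct.id
    state: 'active'
    allowTracing: false           // Ocp-Apim-Trace is ignored for this key
  }
}
```

The CORS origin is pinned to one host rather than "*", the rate limit counts per subscription key, the header check rejects requests without a correlation id before they reach the backend, and the subscription key is stripped so the backend never sees it. The order of the resources matches the six steps, so the same file can be committed and redeployed (the GitOps item from the SKU slide).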

  20. Demo


  21. Gotchas


  22. Gotchas (1/2)
    ▪ Private Endpoint and vNet injection can't be combined
    ▪ The dedicated APIM subnet needs to be in the hub vNet
    ▪ vNet-integrated APIM + WAF = split DNS config (public DNS points the API hostname at the WAF, while the WAF and internal clients need records pointing at APIM's private IP)

  23. Gotchas (2/2)
    ▪ UDR on the APIM subnet: 0.0.0.0/0 -> next hop Internet (the APIM control plane must reach the Internet; force-tunnelling the default route through a firewall breaks the instance)
    ▪ Changes to the vNet / custom domain config trigger an instance update that takes ~25 min
    ▪ Using an NSG on the APIM subnet: follow the required rules in
      https://learn.microsoft.com/en-us/azure/api-management/api-management-using-with-vnet?tabs=stv2#configure-nsg-rules
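
The NSG and UDR gotchas above, as an added Bicep example (not code from the deck) for an APIM subnet in vNet injection mode on the stv2 platform, external mode. The rule list follows the Microsoft Learn page linked on the slide; the vNet name vnet-hub, subnet name and address prefix are placeholders assumed for this example.

```bicep
// Added example, not code from the deck. Placeholders: vnet-hub, snet-apim,
// 10.0.10.0/27. Rules are the stv2 external-mode set from the linked page.
param location string = resourceGroup().location
param vnetName string = 'vnet-hub'

// Service-tag based rules; the same shape is reused for inbound and outbound
var rules = [
  { name: 'AllowClientInbound',     pri: 100, dir: 'Inbound',  src: 'Internet',            dst: 'VirtualNetwork', ports: [ '80', '443' ] }
  { name: 'AllowApimManagement',    pri: 110, dir: 'Inbound',  src: 'ApiManagement',       dst: 'VirtualNetwork', ports: [ '3443' ] }
  { name: 'AllowAzureLoadBalancer', pri: 120, dir: 'Inbound',  src: 'AzureLoadBalancer',   dst: 'VirtualNetwork', ports: [ '6390' ] }
  { name: 'AllowTrafficManager',    pri: 130, dir: 'Inbound',  src: 'AzureTrafficManager', dst: 'VirtualNetwork', ports: [ '443' ] }
  { name: 'AllowStorage',           pri: 100, dir: 'Outbound', src: 'VirtualNetwork',      dst: 'Storage',        ports: [ '443' ] }
  { name: 'AllowSql',               pri: 110, dir: 'Outbound', src: 'VirtualNetwork',      dst: 'SQL',            ports: [ '1433' ] }
  { name: 'AllowKeyVault',          pri: 120, dir: 'Outbound', src: 'VirtualNetwork',      dst: 'AzureKeyVault',  ports: [ '443' ] }
  { name: 'AllowMonitor',           pri: 130, dir: 'Outbound', src: 'VirtualNetwork',      dst: 'AzureMonitor',   ports: [ '1886', '443' ] }
]

resource apimNsg 'Microsoft.Network/networkSecurityGroups@2023-04-01' = {
  name: 'nsg-apim'
  location: location
  properties: {
    securityRules: [for r in rules: {
      name: r.name
      properties: {
        priority: r.pri
        direction: r.dir
        access: 'Allow'
        protocol: 'Tcp'
        sourceAddressPrefix: r.src
        sourcePortRange: '*'
        destinationAddressPrefix: r.dst
        destinationPortRanges: r.ports
      }
    }]
  }
}

// The UDR gotcha: the control plane must reach the Internet. A hub-wide
// default route to a firewall would break the instance, so this subnet gets
// its own default route with next hop Internet, as on the slide.
resource apimRoutes 'Microsoft.Network/routeTables@2023-04-01' = {
  name: 'rt-apim'
  location: location
  properties: {
    routes: [
      {
        name: 'default-to-internet'
        properties: {
          addressPrefix: '0.0.0.0/0'
          nextHopType: 'Internet'
        }
      }
    ]
  }
}

// Dedicated APIM subnet in the hub vNet with both attached
resource vnet 'Microsoft.Network/virtualNetworks@2023-04-01' existing = {
  name: vnetName
}

resource apimSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-04-01' = {
  parent: vnet
  name: 'snet-apim'
  properties: {
    addressPrefix: '10.0.10.0/27'
    networkSecurityGroup: {
      id: apimNsg.id
    }
    routeTable: {
      id: apimRoutes.id
    }
  }
}
```

Drop the Internet and AzureTrafficManager inbound rules for internal mode, where the gateway has no public listener. Attaching the NSG or route table to the subnet is one of the changes that triggers the long instance update mentioned on the slide, so do it before injecting the instance rather than afterwards.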

  24. Security


  25. Security Good Practices
    ▪ Use a WAF in front of APIM
    ▪ Be strict about handing out the built-in all-access subscription key (the "master" key: it works for every API and bypasses product scoping)
    ▪ Use the JWT validation policy (validate-jwt) for Azure AD authentication
    ▪ Pull named values (secrets) from a Key Vault
    ▪ Restrict the trace functionality to admins: leave "Allow tracing" off on subscriptions handed to consumers
    Areas covered: Networking, Authentication, Configuration, Policies
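
The authentication and configuration items above, as one added Bicep example (not code from the deck): a secret named value backed by Key Vault and read through the gateway's managed identity, plus a global validate-jwt policy for Azure AD tokens that uses named values instead of hard-coded IDs. It assumes an existing instance apim-demo with a system-assigned managed identity, an existing Key Vault kv-demo holding a secret backend-api-key, and a placeholder app registration ID for the API; the role name Orders.Read is also an assumption. WAF placement is a networking resource and is not shown here.

```bicep
// Added example, not code from the deck. Assumes an existing instance
// 'apim-demo' with a system-assigned managed identity, an existing Key Vault
// 'kv-demo' with a secret 'backend-api-key', and a placeholder app
// registration for the API. The tenant ID comes from the deployment subscription.
param apimName string = 'apim-demo'
param keyVaultName string = 'kv-demo'
param apiAppId string = '00000000-0000-0000-0000-000000000000'

resource apim 'Microsoft.ApiManagement/service@2022-08-01' existing = {
  name: apimName
}

resource kv 'Microsoft.KeyVault/vaults@2023-02-01' existing = {
  name: keyVaultName
}

// The gateway identity only needs to read secrets: Key Vault Secrets User
resource kvSecretsUser 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(kv.id, apim.id, 'kv-secrets-user')
  scope: kv
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4633458b-17de-408a-b874-0445c86b69e6')
    principalId: apim.identity.principalId
    principalType: 'ServicePrincipal'
  }
}

// Secret named value: APIM fetches and refreshes it from Key Vault, so the
// value is never in the template, in Git, or shown in clear text in the portal
resource backendKey 'Microsoft.ApiManagement/service/namedValues@2022-08-01' = {
  parent: apim
  name: 'backend-api-key'
  dependsOn: [ kvSecretsUser ]
  properties: {
    displayName: 'backend-api-key'
    secret: true
    keyVault: {
      secretIdentifier: '${kv.properties.vaultUri}secrets/backend-api-key'
    }
  }
}

// Non-secret named values so the policy text carries no tenant or app IDs
resource tenantIdNv 'Microsoft.ApiManagement/service/namedValues@2022-08-01' = {
  parent: apim
  name: 'tenant-id'
  properties: {
    displayName: 'tenant-id'
    value: subscription().tenantId
  }
}

resource apiAppIdNv 'Microsoft.ApiManagement/service/namedValues@2022-08-01' = {
  parent: apim
  name: 'api-app-id'
  properties: {
    displayName: 'api-app-id'
    value: apiAppId
  }
}

// Global policy: every API requires a valid Azure AD bearer token with the
// expected audience, issuer and role; the backend secret is injected from
// the named value rather than passed through from the caller
resource globalPolicy 'Microsoft.ApiManagement/service/policies@2022-08-01' = {
  parent: apim
  name: 'policy'
  dependsOn: [ backendKey, tenantIdNv, apiAppIdNv ]
  properties: {
    format: 'rawxml'
    value: '''
<policies>
  <inbound>
    <validate-jwt header-name="Authorization" require-scheme="Bearer"
                  failed-validation-httpcode="401" failed-validation-error-message="Unauthorized">
      <openid-config url="https://login.microsoftonline.com/{{tenant-id}}/v2.0/.well-known/openid-configuration" />
      <audiences>
        <audience>api://{{api-app-id}}</audience>
        <audience>{{api-app-id}}</audience>
      </audiences>
      <issuers>
        <issuer>https://login.microsoftonline.com/{{tenant-id}}/v2.0</issuer>
      </issuers>
      <required-claims>
        <claim name="roles" match="any">
          <value>Orders.Read</value>
        </claim>
      </required-claims>
    </validate-jwt>
    <set-header name="x-api-key" exists-action="override">
      <value>{{backend-api-key}}</value>
    </set-header>
  </inbound>
  <backend><forward-request /></backend>
  <outbound />
  <on-error />
</policies>
'''
  }
}
```

A global policy is the simplest place to show the check; in production the validate-jwt block usually sits at API or product scope with the audience and roles of that API. Tracing is a per-subscription switch (allowTracing on Microsoft.ApiManagement/service/subscriptions): leave it off on keys handed to consumers so an Ocp-Apim-Trace header cannot return policy traces, which would show the named-value names and backend addresses. Treat the built-in all-access subscription key like an admin credential, since it is valid for every API regardless of product.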

  26. Q&A

