Discover the benefits and hidden secrets of Azure API Management Service

Michelangelo
December 09, 2021

If you work with APIs daily, you know how hard it is to keep track of changes, integrate them into existing applications, or secure them in an ever-changing world. Before I discovered Azure API Management services, I was going through the same painful experience.

In this session I will briefly touch on what Azure API Management (APIM) is, and then go directly into some interesting examples where APIM is a true game changer. The topics I will cover are: rate limitations, SOAP to REST conversion, B2B and B2C Access Control, and API billing features for SaaS purposes. I promise it will be an interesting session with code samples you can try yourself. Looking forward to seeing you there.





  1. Discover the benefits and hidden secrets of Azure API Management

    Service Michelangelo van Dam
  2. What are APIs?

  3. –WikiPedia “ An application programming interface (API) is a connection

    between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software”
  4. –WikiPedia “ An application programming interface (API) is a connection

    between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software”
  5. –Michelangelo van Dam “ An application programming interface (API) is

    a software interface, providing a connection between computers or computer systems.”
  6. APIs are for machines Expose access to data and functionality

    Understandable by machines Are internally and externally used
  7. Examples of APIs Internal ordering system Mobile application service Industrial

    control service Government service Social media service Consumer notification service Warehouse order picking system Weather service Open Data Service System operation service Alerting and monitoring service …
  8. Example of internal API (HR system)

    GET /employee: a list of employees
    GET /employee/<ID>: Returns a single employee by its ID
    POST /employee: Creates a new employee entry
    PUT /employee/<ID>: Updates an existing employee

        HTTP/1.1 200 OK
        Host: hr-api.company.com
        Date: Sat, 04 Dec 2021 13:16:55 GMT
        Connection: close
        X-Powered-By: PHP/8.0.11
        Content-Type: application/json

        {
          "status": 200,
          "response": {
            "employee": {
              "id": 1,
              "firstName": "Foo",
              "lastName": "Bar",
              "email": "f.bar@company.com"
            }
          }
        }
  9. Example of external API (flickr.com)

    GET /flickr.photos.search: Search for photos on Flickr
    GET /flickr.photos.getInfo: Get information about a photo
    A lot more at https://www.flickr.com/services/api/

        <photos page="2" pages="89" perpage="10" total="881">
          <photo id="2636" owner="47058503995@N01" secret="a123456" server="2" title="test_04" ispublic="1" isfriend="0" isfamily="0" />
          <photo id="2635" owner="47058503995@N01" secret="b123456" server="2" title="test_03" ispublic="0" isfriend="1" isfamily="1" />
          <photo id="2633" owner="47058503995@N01" secret="c123456" server="2" title="test_01" ispublic="1" isfriend="0" isfamily="0" />
          <photo id="2610" owner="12037949754@N01" secret="d123456" server="2" title="00_tall" ispublic="1" isfriend="0" isfamily="0" />
        </photos>
  10. What is API Management?

  11. Purpose API management Incoming request control Outgoing response control Filtering

    and validation Modify request and response headers & contents Add rules and policies for security Manage versions of APIs Usage audits and billing Backend API health checks Monitoring and alerting Transform services (RPC to REST)
  12. What API management is not It is not an API

    itself It cannot automatically fix a broken API It does not prevent direct access to an API It will not clean your dishes… but the API behind it could
  13. Azure API Management

  14. Common challenges

  15. Internal & External API management One system to manage them

  16. Example: procurement services Internal APIs: Suppliers Products & Services Orders

    External APIs: EU VAT Information Exchange Service (VIES) Belgian UBO Register LinkedIn
  17. Architecture Azure Resources Internal APIs SOAP - Suppliers REST -

    Products & Services REST - Orders External APIs REST - LinkedIn REST - BE UBO Register SOAP - EU VIES Application Gateway API Management Active Directory Redis Cache Application Insights https://api.company.com /ext/vies /ext/ubo /ext/linkedin /int/order /int/product /int/service /int/supplier /ext /int Route based API access Access Control Response Cache Customers Staff & Partners Devices (IoT)
  18. Azure APIM: Internal API

  19. Azure APIM: external API

  20. Internal External

  21. Rate Limitation Prevent your system to be overloaded with unlimited

  22. Example: Public API Service Challenge: prevent abuse and system overloading

    Solution(s): Web Application Firewall with DDoS mitigation Rate limitation for (un)authenticated users
  23. API Management: Inbound policy

  24. Azure APIM Policy

        <policies>
          <inbound>
            <base />
            <rate-limit-by-key calls="5" renewal-period="60"
                               increment-condition="@(context.Response.StatusCode == 200)"
                               counter-key="@(context.Request.IpAddress)"
                               remaining-calls-variable-name="remainingCallsPerIP"/>
          </inbound>
          <outbound>
            <base />
          </outbound>
        </policies>
  25. Policy setting for internal API

  26. One line to save the day

  27. SOAP to REST Converting existing SOAP services to REST interfaces

  28. Example: SOAP to REST Requirement: All APIs must be a

    REST service providing JSON Challenge: SOAP is XML based SOAP is structured through a WSDL implementation
  29. REST API API Management SOAP Services

  30. Select WSDL when creating new API

  31. WSDL Spec & select SOAP to REST

  32. API automatically created

  33. Clean REST API for SOAP services

  34. System, B2B and B2C Access Control Allow systems, users &

    partner organisations to use services
  35. Example: B2B and B2C authentication Requirement: Only authenticated users via

    partner AD or OAuth Challenge: No change to existing APIs No user management of partner accounts
  36. Architecture Azure Resources API Management Active Directory Application Insights Access

    Control AD B2C Customers Staff & Partners API Services
  37. Google OAuth ID Settings

  38. APIM OAuth Settings

  39. Add Authorization header

  40. Secured by OAuth

  41. API Consumption Billing Send invoices for API usage or data

  42. Example: Bill your API consumers Requirement: API is a premium

    service and users should pay for usage Challenge: No change to existing APIs Integrate with existing payment provider (e.g. Stripe)
  43. Architecture Azure Resources API Management Customers API Services Billing App

    Delegation Usage Metrics Invoice Stripe API
  44. Registration via API

  45. Stripe Billing

  46. Recap

  47. When using APIs use an API Management Solution Combine internal

    and external APIs Don’t reinvent the wheel, use the API Management solutions Focus on creating value for customers, not on maintaining middleware
  48. Resources

  49. Amazon affiliation links

  50. Related links API Management transformation policies API Management access restriction

    policies Import a SOAP API and convert to REST Protect a web API backend in Azure API Management Monetization with Azure API Management
  51. data.gov.be data.europe.eu api.flickr.com management.azure.com Playground APIs Learn, explore,

    and build something great
  52. Thank you

    Slides are available online: in2.se/azure-apim-features Questions? Twitter: @DragonBe Facebook: DragonBe LinkedIn: Michelangelo van Dam
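
An added example, not part of the talk or of Azure's code: a simplified Python model of the slide 24 `rate-limit-by-key` policy, replaying a constructed trace to show that with `increment-condition` set to status 200 only successful calls use up the per-IP budget, so calls answered with other status codes are never throttled. The fixed-window counter, the `RateLimitByKey` class and the trace are assumptions; the deck does not describe APIM's actual counting algorithm.

```python
class RateLimitByKey:
    """Simplified fixed-window model of the slide 24 policy (assumption:
    not APIM's real algorithm, which the deck does not describe)."""

    def __init__(self, calls=5, renewal_period=60,
                 count_if=lambda status: status == 200):
        self.calls = calls                    # calls="5"
        self.renewal_period = renewal_period  # renewal-period="60"
        self.count_if = count_if              # increment-condition
        self.windows = {}                     # counter-key -> [start, count]

    def handle(self, now, key, backend_status):
        """Return the status the caller sees for one request."""
        window = self.windows.get(key)
        if window is None or now - window[0] >= self.renewal_period:
            window = self.windows[key] = [now, 0]
        if window[1] >= self.calls:
            return 429  # rejected at the gateway, backend is not called
        if self.count_if(backend_status):
            window[1] += 1  # counted only after the response is known
        return backend_status


def replay(limiter, trace):
    """Feed (time, key, backend status) tuples through a limiter."""
    return [limiter.handle(t, key, status) for t, key, status in trace]


# Constructed trace: (seconds, caller IP, status the backend would return).
TRACE = (
    [(i, "203.0.113.10", 200) for i in range(7)]          # 7 successful calls
    + [(10 + i, "203.0.113.20", 401) for i in range(8)]   # 8 rejected calls
    + [(61, "203.0.113.10", 200)]                         # after the renewal period
)


def demo():
    as_on_slide = replay(RateLimitByKey(), TRACE)
    count_everything = replay(RateLimitByKey(count_if=lambda s: True), TRACE)
    return as_on_slide, count_everything
```

With the slide's condition all eight 401 responses reach the backend; counting every call instead cuts that caller off after five.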