Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Discover the benefits and hidden secrets of Azure API Management Service

December 09, 2021

Discover the benefits and hidden secrets of Azure API Management Service

If you work with APIs daily, you know how hard it is to keep track of changes, integrate them into existing applications or to secure them in an ever changing world. Before I discovered Azure API Management services, I was going through the same painful experience.

In this session I will briefly touch on what Azure API Management (APIM) is, to go directly in some interesting examples where APIM is a true game changer. The topics I will cover are: rate limitations, Soap to REST conversion, B2B and B2C Access Control, and API billing features for SaaS purposes. I promise it will be an interesting session with code samples you can try yourself. Looking forward seeing you there.


December 09, 2021

More Decks by DragonBe

Other Decks in Technology


  1. –WikiPedia “ An application programming interface (API) is a connection

    between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software”
  2. –WikiPedia “ An application programming interface (API) is a connection

    between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software”
  3. –Michelangelo van Dam “ An application programming interface (API) is

    a software interface, providing a connection between computers or computer systems.”
  4. APIs are for machines Expose access to data and functionality

    Understandable by machines Are internally and externally used
  5. Examples of APIs Internal ordering system Mobile application service Industrial

    control service Government service Social media service Consumer noti fi cation service Warehouse order picking system Weather service Open Data Service System operation service Alerting and monitoring service …
  6. Example of internal API (HR system) GET /employee 

    a list of employees GET /employee/<ID> 
 Returns a single employee by its ID POST /employee 
 Creates a new employee entry PUT /employee/<ID> 
 Updates an existing employee HTTP/1.1 200 OK Host: hr-api.company.com Date: Sat, 04 Dec 2021 13:16:55 GMT Connection: close X-Powered-By: PHP/8.0.11 Content-Type: application/json { "status": 200, "response": { "employee": { "id": 1, "firstName": "Foo", "lastName": "Bar", "email": "[email protected]" } } }
  7. Example of external API (flickr.com) GET / fl ickr.photos.search 

    Search for photos on Flickr GET / fl ickr.photos.getInfo 
 Get information about a photo A lot more at https://www. fl ickr.com/services/api/ <photos page="2" pages="89" perpage="10" total="881"> <photo id="2636" owner="47058503995@N01" secret="a123456" server="2" title="test_04" ispublic="1" isfriend="0" isfamily="0" /> <photo id="2635" owner="47058503995@N01" secret="b123456" server="2" title="test_03" ispublic="0" isfriend="1" isfamily="1" /> <photo id="2633" owner="47058503995@N01" secret="c123456" server="2" title="test_01" ispublic="1" isfriend="0" isfamily="0" /> <photo id="2610" owner="12037949754@N01" secret="d123456" server="2" title="00_tall" ispublic="1" isfriend="0" isfamily="0" /> </photos>
  8. Purpose API management Incoming request control Outgoing response control Filtering

    and validation Modify request and response headers & contents Add rules and policies for security Manage versions of APIs Usage audits and billing Backend API health checks Monitoring and alerting Transform services (RPC to REST)
  9. What API management is not It is not an API

    itself It can not automatically fi x a broken API It does not prevent direct access to an API It will not clean your dishes… but the API behind it could
  10. Example: procurement services Internal APIs: Suppliers Products & Services Orders

    External APIs: EU VAT Information Exchange Service (VIES) Belgian UBO Register LinkedIn
  11. Architecture Azure Resources Internal APIs SOAP - Suppliers REST -

    Products & Services REST - Orders External APIs REST - LinkedIn REST - BE UBO Register SOAP - EU VIES Application Gateway API Management Active Directory Redis Cache Application Insights https://api.company.com /ext/vies /ext/ubo /ext/linkedin /int/order /int/product /int/service /int/supplier /ext /int Route based API access Access Control Response Cache Customers Staff & Partners Devices (IoT)
  12. Example: Public API Service Challenge: prevent abuse and system overloading

    Solution(s): Web Application Firewall with DDoS mitigation Rate limitation for (un)authenticated users
  13. Azure APIM Policy <policies> <inbound> <base /> <rate-limit-by-key calls=“5" renewal-period="60"

    increment-condition="@(context.Response.StatusCode == 200)" counter-key="@(context.Request.IpAddress)" remaining-calls-variable-name="remainingCallsPerIP"/> </inbound> <outbound> <base /> </outbound> </policies>
  14. Example: SOAP to REST Requirement: All APIs must be a

    REST service providing JSON Challenge: SOAP is XML based SOAP is structured through a WSDL implementation
  15. System, B2B and B2C Access Control Allow systems, users &

    partner organisations to use services
  16. Example: B2B and B2C authentication Requirement: Only authenticated users via

    partner AD or OAuth Challenge: No change to existing APIs No user management of partner accounts
  17. Example: Bill your API consumers Requirement: API is a premium

    service and users should pay for usage Challenge: No change to existing APIs Integrate with existing payment provider (e.g. Stripe)
  18. When using APIs use an API Management Solution Combine internal

    and external APIs Don’t reinvent the wheel, use the API Management solutions Focus on creating value for customers, not on maintaining middleware
  19. Related links API Management transformation policies API Management access restriction

    policies Import a SOAP API and convert to REST Protect a web API backend in Azure API Management Monetization with Azure API Management
  20. Thank you Slides are available online 
 in2.se/azure-apim-features Questions? Twitter:

    @DragonBe Facebook: DragonBe LinkedIn: Michelangelo van Dam