Discover the benefits and hidden secrets of Azure API Management Service

DragonBe
December 09, 2021

If you work with APIs daily, you know how hard it is to keep track of changes, integrate them into existing applications, or secure them in an ever-changing world. Before I discovered Azure API Management services, I was going through the same painful experience.

In this session I will briefly touch on what Azure API Management (APIM) is, then go directly into some interesting examples where APIM is a true game changer. The topics I will cover are: rate limitations, SOAP to REST conversion, B2B and B2C access control, and API billing features for SaaS purposes. I promise it will be an interesting session with code samples you can try yourself. Looking forward to seeing you there.

Transcript

  1. Discover the benefits and hidden secrets of Azure API
    Management Service
    Michelangelo van Dam

  2. What are APIs?

  3. – Wikipedia

    “An application programming interface (API)
    is a connection between computers or between
    computer programs. It is a type of software
    interface, offering a service to other pieces of
    software”

  4. – Wikipedia

    “An application programming interface (API)
    is a connection between computers or between
    computer programs. It is a type of software
    interface, offering a service to other pieces of
    software”

  5. – Michelangelo van Dam

    “An application programming interface (API)
    is a software interface, providing a connection
    between computers or computer systems.”

  6. APIs are for machines
    Expose access to data and functionality


    Understandable by machines


    Are internally and externally used

  7. Examples of APIs
    Internal ordering system


    Mobile application service


    Industrial control service


    Government service


    Social media service


    Consumer notification service


    Warehouse order picking system


    Weather service


    Open Data Service


    System operation service


    Alerting and monitoring service

  8. Example of internal API (HR system)
    GET /employee

    Returns a list of employees


    GET /employee/

    Returns a single employee by its ID


    POST /employee

    Creates a new employee entry


    PUT /employee/

    Updates an existing employee

    HTTP/1.1 200 OK
    Host: hr-api.company.com
    Date: Sat, 04 Dec 2021 13:16:55 GMT
    Connection: close
    X-Powered-By: PHP/8.0.11
    Content-Type: application/json

    {
        "status": 200,
        "response": {
            "employee": {
                "id": 1,
                "firstName": "Foo",
                "lastName": "Bar",
                "email": "[email protected]"
            }
        }
    }

  9. Example of external API (flickr.com)
    GET /flickr.photos.search

    Search for photos on Flickr


    GET /flickr.photos.getInfo

    Get information about a photo
    A lot more at https://www.flickr.com/services/api/

    secret="a123456" server="2" title="test_04"
    ispublic="1" isfriend="0" isfamily="0" />
    secret="b123456" server="2" title="test_03"
    ispublic="0" isfriend="1" isfamily="1" />
    secret="c123456" server="2" title="test_01"
    ispublic="1" isfriend="0" isfamily="0" />
    secret="d123456" server="2" title="00_tall"
    ispublic="1" isfriend="0" isfamily="0" />

  10. What is API Management?

  11. Purpose API management
    Incoming request control


    Outgoing response control


    Filtering and validation


    Modify request and response
    headers & contents


    Add rules and policies for security


    Manage versions of APIs


    Usage audits and billing


    Backend API health checks


    Monitoring and alerting


    Transform services (RPC to REST)

  12. What API management is not
    It is not an API itself


    It cannot automatically fix a broken API


    It does not prevent direct access to an API


    It will not clean your dishes… but the API behind it could

  13. Azure API Management

  14. Common challenges

  15. Internal & External
    API management
    One system to manage them all

  16. Example: procurement services
    Internal APIs:


    Suppliers


    Products & Services


    Orders


    External APIs:


    EU VAT Information Exchange
    Service (VIES)


    Belgian UBO Register


    LinkedIn

  17. Architecture
    Azure Resources
    Internal APIs
    SOAP - Suppliers
    REST - Products & Services
    REST - Orders
    External APIs
    REST - LinkedIn
    REST - BE UBO Register
    SOAP - EU VIES
    Application Gateway API Management
    Active Directory
    Redis Cache
    Application Insights
    https://api.company.com
    /ext/vies
    /ext/ubo
    /ext/linkedin
    /int/order
    /int/product
    /int/service
    /int/supplier
    /ext
    /int
    Route based API access
    Access Control
    Response Cache
    Customers
    Staff & Partners
    Devices (IoT)

  18. Azure APIM: Internal API

  19. Azure APIM: external API

  20. Internal External

  21. Rate Limitation
    Prevent your system from being overloaded with unlimited requests

  22. Example: Public API Service
    Challenge: prevent abuse and system overloading


    Solution(s):


    Web Application Firewall with DDoS mitigation


    Rate limitation for (un)authenticated users

  23. API Management: Inbound policy

  24. Azure APIM Policy

    renewal-period="60"
    increment-condition="@(context.Response.StatusCode == 200)"
    counter-key="@(context.Request.IpAddress)"
    remaining-calls-variable-name="remainingCallsPerIP"/>

  25. Policy setting for internal API

  26. One line to save the day

  27. SOAP to REST
    Converting existing SOAP services to REST interfaces

  28. Example: SOAP to REST
    Requirement: All APIs must be a REST service providing JSON


    Challenge:


    SOAP is XML based


    SOAP is structured through a WSDL implementation

  29. REST API API Management SOAP Services

  30. Select WSDL when creating new API

  31. WSDL Spec & select SOAP to REST

  32. API automatically created

  33. Clean REST API for SOAP services

  34. System, B2B and B2C
    Access Control
    Allow systems, users & partner organisations to use services

  35. Example: B2B and B2C authentication
    Requirement: Only authenticated users via partner AD or OAuth


    Challenge:


    No change to existing APIs


    No user management of partner accounts

  36. Architecture
    Azure Resources
    API Management
    Active Directory
    Application Insights
    Access Control
    AD B2C
    Customers
    Staff & Partners
    API Services

  37. Google OAuth ID Settings

  38. APIM OAuth Settings

  39. Add Authorization header

  40. Secured by OAuth

  41. API Consumption
    Billing
    Send invoices for API usage or data access

  42. Example: Bill your API consumers
    Requirement: API is a premium service and users should pay for usage


    Challenge:


    No change to existing APIs


    Integrate with existing payment provider (e.g. Stripe)

  43. Architecture
    Azure Resources
    API Management
    Customers API Services
    Billing App
    Delegation
    Usage Metrics
    Invoice
    Stripe API

  44. Registration via API

  45. Stripe Billing

  46. Recap

  47. When using APIs use an API Management Solution


    Combine internal and external APIs


    Don’t reinvent the wheel, use the API Management solutions


    Focus on creating value for customers, not on maintaining middleware

  48. Resources

  49. Amazon affiliation links

  50. Related links
    API Management transformation policies


    API Management access restriction policies


    Import a SOAP API and convert to REST


    Protect a web API backend in Azure API Management


    Monetization with Azure API Management

  51. data.gov.be
    data.europe.eu
    api.flickr.com
    management.azure.com
    Playground APIs
    Learn, explore, and build something great

  52. Thank you
    Slides are available online

    in2.se/azure-apim-features


    Questions?


    Twitter: @DragonBe


    Facebook: DragonBe


    LinkedIn: Michelangelo van Dam
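
The rate-limit attributes on slide 24 can be modelled in a few lines to show which requests they actually count. This is an added example, not code from the deck or from Azure: `CALLS = 5` is an assumed limit (the transcript does not show the slide's value), the fixed-window counter is a simplification of APIM's own algorithm, and the IP addresses are constructed samples.

```python
from dataclasses import dataclass, field

RENEWAL_PERIOD = 60  # seconds, from the slide: renewal-period="60"
CALLS = 5            # ASSUMPTION: the slide's calls value is not in the transcript


@dataclass
class RateLimitByKey:
    """Simplified fixed-window model of the slide-24 policy (not APIM's algorithm)."""
    calls: int = CALLS
    renewal_period: int = RENEWAL_PERIOD
    windows: dict = field(default_factory=dict)  # counter-key -> [window_start, count]

    def handle(self, ip: str, now: float, backend_status: int) -> tuple:
        """Return (status sent to the caller, remainingCallsPerIP)."""
        window = self.windows.get(ip)  # counter-key="@(context.Request.IpAddress)"
        if window is None or now - window[0] >= self.renewal_period:
            window = self.windows[ip] = [now, 0]  # start a new renewal period
        if window[1] >= self.calls:
            return 429, 0  # throttled at the gateway, backend is not called
        # increment-condition="@(context.Response.StatusCode == 200)"
        if backend_status == 200:
            window[1] += 1
        return backend_status, self.calls - window[1]


def replay(events):
    """Run constructed (ip, time, backend_status) events through one policy instance."""
    policy = RateLimitByKey()
    return [policy.handle(ip, t, status)[0] for ip, t, status in events]


# Constructed sample traffic (documentation IP ranges, not taken from the page).
OK_BURST = [("203.0.113.7", t, 200) for t in range(8)]        # 8 successes in 8 s
FAILED_BURST = [("198.51.100.9", t, 401) for t in range(50)]  # 50 non-200 responses
NEXT_PERIOD = OK_BURST + [("203.0.113.7", 61, 200)]           # one call after renewal

if __name__ == "__main__":
    print(replay(OK_BURST))           # five 200s, then 429s
    print(set(replay(FAILED_BURST)))  # only 401: never counted, never throttled
    print(replay(NEXT_PERIOD)[-1])    # 200 again once the period renews
```

Because the counter moves only on 200 responses, the constructed burst of 401s is never throttled; leaving out `increment-condition` makes every request count against the key.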
