Discover the benefits and hidden secrets of Azure API Management Service

Transcript

1. Discover the benefits and hidden secrets of Azure API Management

   Service Michelangelo van Dam

2. What are APIs?

3. –WikiPedia “ An application programming interface (API) is a connection

   between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software”

4. –WikiPedia “ An application programming interface (API) is a connection

   between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software”

5. –Michelangelo van Dam “ An application programming interface (API) is

   a software interface, providing a connection between computers or computer systems.”

6. APIs are for machines Expose access to data and functionality

   Understandable by machines Are internally and externally used

7. Examples of APIs Internal ordering system Mobile application service Industrial

   control service Government service Social media service Consumer noti fi cation service Warehouse order picking system Weather service Open Data Service System operation service Alerting and monitoring service …

8. Example of internal API (HR system) GET /employee 
 Returns

   a list of employees GET /employee/<ID> 
 Returns a single employee by its ID POST /employee 
 Creates a new employee entry PUT /employee/<ID> 
 Updates an existing employee HTTP/1.1 200 OK Host: hr-api.company.com Date: Sat, 04 Dec 2021 13:16:55 GMT Connection: close X-Powered-By: PHP/8.0.11 Content-Type: application/json { "status": 200, "response": { "employee": { "id": 1, "firstName": "Foo", "lastName": "Bar", "email": "[email protected]" } } }

9. Example of external API (flickr.com) GET / fl ickr.photos.search 


   Search for photos on Flickr GET / fl ickr.photos.getInfo 
 Get information about a photo A lot more at https://www. fl ickr.com/services/api/ <photos page="2" pages="89" perpage="10" total="881"> <photo id="2636" owner="47058503995@N01" secret="a123456" server="2" title="test_04" ispublic="1" isfriend="0" isfamily="0" /> <photo id="2635" owner="47058503995@N01" secret="b123456" server="2" title="test_03" ispublic="0" isfriend="1" isfamily="1" /> <photo id="2633" owner="47058503995@N01" secret="c123456" server="2" title="test_01" ispublic="1" isfriend="0" isfamily="0" /> <photo id="2610" owner="12037949754@N01" secret="d123456" server="2" title="00_tall" ispublic="1" isfriend="0" isfamily="0" /> </photos>

10. What is API Management?

11. Purpose API management Incoming request control Outgoing response control Filtering

    and validation Modify request and response headers & contents Add rules and policies for security Manage versions of APIs Usage audits and billing Backend API health checks Monitoring and alerting Transform services (RPC to REST)

12. What API management is not It is not an API

    itself It can not automatically fi x a broken API It does not prevent direct access to an API It will not clean your dishes… but the API behind it could

13. Azure API Management

14. Common challenges

15. Internal & External API managemtent One system to manage them

    all

16. Example: procurement services Internal APIs: Suppliers Products & Services Orders

    External APIs: EU VAT Information Exchange Service (VIES) Belgian UBO Register LinkedIn

17. Architecture Azure Resources Internal APIs SOAP - Suppliers REST -

    Products & Services REST - Orders External APIs REST - LinkedIn REST - BE UBO Register SOAP - EU VIES Application Gateway API Management Active Directory Redis Cache Application Insights https://api.company.com /ext/vies /ext/ubo /ext/linkedin /int/order /int/product /int/service /int/supplier /ext /int Route based API access Access Control Response Cache Customers Staff & Partners Devices (IoT)

18. Azure APIM: Internal API

19. Azure APIM: external API

20. Internal External

21. Rate Limitation Prevent your system to be overloaded with unlimited

    requests

22. Example: Public API Service Challenge: prevent abuse and system overloading

    Solution(s): Web Application Firewall with DDoS mitigation Rate limitation for (un)authenticated users

23. API Management: Inbound policy

24. Azure APIM Policy <policies> <inbound> <base /> <rate-limit-by-key calls=“5" renewal-period="60"

    increment-condition="@(context.Response.StatusCode == 200)" counter-key="@(context.Request.IpAddress)" remaining-calls-variable-name="remainingCallsPerIP"/> </inbound> <outbound> <base /> </outbound> </policies>

25. Policy setting for internal API

26. One line to save the day

27. SOAP to REST Converting existing SOAP services to REST interfaces

28. Example: SOAP to REST Requirement: All APIs must be a

    REST service providing JSON Challenge: SOAP is XML based SOAP is structured through a WSDL implementation

29. REST API API Management SOAP Services

30. Select WSDL when creating net API

31. WSDL Spec & select SOAP to REST

32. API automatically created

33. Clean REST API for SOAP services

34. System, B2B and B2C Access Control Allow systems, users &

    partner organisations to use services

35. Example: B2B and B2C authentication Requirement: Only authenticated users via

    partner AD or OAuth Challenge: No change to existing APIs No user management of partner accounts

36. Architecture Azure Resources API Management Active Directory Application Insights Access

    Control AD B2C Customers Staff & Partners API Services

37. Google OAuth ID Settings

38. APIM OAuth Settings

39. Add Authorization header

40. Secured by OAuth

41. API Consumption Billing Send invoices for API usage or data

    access

42. Example: Bill your API consumers Requirement: API is a premium

    service and users should pay for usage Challenge: No change to existing APIs Integrate with existing payment provider (e.g. Stripe)

43. Architecture Azure Resources API Management Customers API Services Billing App

    Delegation Usage Metrics Invoice Stripe API

44. Registration via API

45. Stripe Billing

46. Recap

47. When using APIs use an API Management Solution Combine internal

    and external APIs Don’t reinvent the wheel, use the API Management solutions Focus on creating value for customers, not on maintaining middleware

48. Resources

49. Amazon af fi liation links

50. Related links API Management transformation policies API Management access restriction

    policies Import a SOAP API and convert to REST Protect a web API backend in Azure API Management Monetization with Azure API Management

51. data.gov.be data.europe.eu api. fl ickr.com management.azure.com Playground APIs Learn, explore,

    and build something great

52. Thank you Slides are available online 
 in2.se/azure-apim-features Questions? Twitter:

    @DragonBe Facebook: DragonBe LinkedIn: Michelangelo van Dam