Up:: Microsoft Azure Developer Associate AZ-204 2023
Azure API Management (APIM)
Azure API Management
- 10:13:28 Introduction
- APIM
- integrates existing back-end services into modern API gateways
- follow the API-first approach, decoupling front-end and back-end teams with the help of API mocking
- Azure API Management handles the full management of you APIs
- It centralizes the securing, versioning, documentation and compliance from your back-end services in a single point
- Key Concepts
- API represents a set of operations
- API Operation connects an API endpoint to its backend
- Product - a logical grouping of APIs
- A single or a group of APIs make a Product, which is how your APIs are presented to developers. It can be either public or private.
- Backend represents back-end services in your API
- Group use to manage the visibility of products to developers:
- Administrators - full access to API Management.
- Developers users with access to the developers portal with permissions to build applications.
- Guests users without access to the developers portal but with reading permissions in some services.
- Developer belongs to one or more Product groups, each developer has a primary and secondary key to call the product’s APIs
- Policies - configurations and validations that are applied in progress to incoming requests and outgoing responses
- Named Values key value pairs used with policies. Values can be a result of an expression.
- Gateway is where your API calls are received and policies are applied to incoming requests
- Developer Portal where developers can access all APIs and products listed by your API alongside its API’s operations and documentations. Developers can also request access to your APIs for the developers portal.
- API represents a set of operations
- Echo API service
- when you create an APIM Gateway, by default it will create an API called Echo API
- non production service used to test Azure API Management
http://echoapi.cloudapp.net/api
- Feature Comparison
- API Authentication
- To authenticate with our APIs, we configure thos settings under the subscription section
- If the subscription is required. only developers with a valid access key can use it.
- If it is not checked, anonymous requests are allowed
- we configure where the API will receive the access keys, can be sent as a header or a query string
- Groups
- Administrators - Manages API Management service instances and create APIs, operations and products that are used by developers
- Developers - Authenticated portal users that build applications using your APIs
- Guests - Unauthenticated developer portal users, prospective clients visiting the developer portal. Can be granted read-only access.
- Administrators can also create custom groups or use external groups in an associated Azure AD tenant to give developers visibility and access to API products.
- a user can belong to more than one group.
- Frontends and Backends
- Frontends
- defines the route/endpoint and the documentation and configuration around that endpoint.
- API does not host APIs, it creates facades for your APIs
- Backends
- You can set the following types
- Custom URL
- Azure Resource
- Azure Service Fabric
- Authorization Credentials
- Headers - HTTP Headers
- can fetch from named values
- Query - query string
- fetch from named values
- Client Certificates
- certificates stored in Azure Key Vault
- Headers - HTTP Headers
- You can set the following types
- Frontends
- Policies
- allows you to change the behaviour at multiple stages of an endpoints request lifecycle
- update any part of the request and response headers, body, URLs, etc
- Four areas where policies are applied
- Inbound - incoming requests
- Backend - before requests reach your backend
- Outbound - before sending response back to client
- Error - when a request encounters an error
- Azure has collection of policy groups which contain many policies which you can apply
- When an error occurs, no other policies are applied except the error policies, however, if other policies were in effect prior to the error, they will not be removed.
- Product level Policies apply to all API operations within a product
- Policies Walkthrough
- Access Restriction Policies
- Advanced Policies
- Authentication Policies
- Caching Policies
- Cross Domain Policies
- Transformation Policies
- Dapr Integration Policies
- Validation Policies -
- Access Restriction Policies
- APIs
- Define New API via
- HTTP
- WebSockets
- GraphQL
- From definition
- OpenAPI 3 (Swagger old)
- WADL
- WSDL (Soap)
- From Azure Resource
- Logic App
- App Service
- Function App
- OpenAPI
- OAS (OpenAPI Specification) defines a standard language-agnostic interface to RESTful APIs which allows both humans and computer to discover and understand the capabilities of the service without access to source code, documentation or through network traffic inspection
- Used to be same as Swagger, as of v3 different from Swagger
- OpenAPI = Specification
- Swagger = Tools to implement the specification
- Represented in either JSON or YAML
- WADL and WSDL
- Web Application Description Language (WADL)
- Web Services Description Language (WSDL)
- Define New API via
- Developer Portal
- Automatically generated, fully customizable website with documentation of your APIs
- You need to publish for the Developer Portal to be publicly viewable
- You can save revisions of the portal to quickly rollback to previous versions
- Can apply a custom domain for your Developer Portal
- feature is available in the Premium, Standard, Basic and Developer tiers of the API Management
- Developer Portal Authentication
- different types of authentications within APIM
- Azure AD
- Azure AD B2C
- Identity Providers (IdPs): Google, Microsoft and Facebook
- Basic authentication
- Basic Authentication is a built in authentication method for Azure API management that requires the developer to register with an email and password in order to obtain an API key, which is then used in requests to authenticate the requestors.
- Delegated authentication, allows you to user your own web-app sign-in sign-up and product subscription instead of the built-in developer portal built-in functionality.
- different types of authentications within APIM
- Built-in vs External Cache
- Built-In cache
- Apis and operations can be configured with response caching
- Response caching can significantly reduce latency for API callers and backend load for API providers
- Caching Policy applied to outbound
- Built-in cache is volatile and is shared by all units in the same region in the same API Management service
- External Cache
- utilize a Redis Cache externally instead of using the built-in cache
- allows you to overcome a few limitations of the built-in cache
- Avoid having your cache periodically cleared during API management updates
- Have more control over you cache configuration
- Cache more data than you API Management tier allows to
- User caching with the Consumption tier of API Management
- Enable caching in the API Management self-hosted gateways
- You simply need to provide a Connection string to your Redis Cache
- Built-In cache
- 10:43:19 APIM Basics - Follow Along
Additional Metadata
- Type::note
- Origin:: Microsoft Azure Developer Associate AZ-204 2023
- Status::🌲
- Tags::