Configuring Azure Application Gateway for API Management Traffic Routing

Introduction

Azure Application Gateway provides a powerful solution for load balancing, SSL termination, and URL-based routing. In this blog post, we will discuss a common scenario where we need to forward traffic to two different Azure API Management instances based on the incoming URL, distinguishing between non-production and production environments.

Problem Statement

Consider a scenario where you have two separate instances of Azure API Management (SKU: any non-Consumption tier): one for non-production/testing (nonprod) and the other for production (prod). The requirement is to route incoming traffic through an Azure Application Gateway, forwarding requests to the appropriate API Management instance based on the path specified in the URL. Specifically, requests with the path /nonprod/* should be directed to the non-production API Management instance, while requests without this path should be forwarded to the production instance. ...

December 2, 2023 · 3 min · 454 words · Me

Client Certificate authentication using Azure API Management

Introduction

APIs have become so popular that almost all websites and applications rely on them to get data from the server. Often user impersonation is used to authenticate as well as authorize access to the resource exposed by an API, but there are also use cases where the application itself needs data from an API in order to function. Currently the most used authentication mechanism is OAuth, where identity management is performed by a third-party provider and both the client and the resource server trust this identity provider. While this works well, there is another way to authenticate when the interaction is purely machine to machine: Client Certificate Authentication, which is based on SSL certificates. ...

February 27, 2022 · 6 min · 1225 words · Me

Policy Execution in Azure APIM.

What are APIM Policies?

APIM policies are statements executed by Azure APIM to modify the behavior of API request, response and exception flows. The logic and conditions written as part of the policies are executed at various stages of API execution: when a request is received (inbound), before the request is sent to the backend service/API (backend), before the response is sent to the requester (outbound), and when an exception occurs during request processing (on-error). Policies are defined in XML, with different tags defining the execution stage and the actual policy. ...

October 27, 2021 · 3 min · 626 words · Me