4. Classifying APIs
By intent:
Data retrieval
Data modification
Validation
Management
By access policy:
Private in-app
Internal
Public
Commercial
By technology:
In-process binary
File-based batch
TCP/IP
Web-ready (SOAP/REST)
7. Six things you might want to do…
1. Publish a single API endpoint for several applications
2. Centralize authentication and authorization
3. Protect your APIs from load with throttling and caching
4. Monitor API usage and performance systematically
5. Apply transformations and other logic to API calls
6. Provide a friendly documentation UX for your API customers
“Tools for the API Economy”
8. Seven things you might want to do…
1. Publish a single API endpoint for several applications
2. Centralize authentication and authorization
3. Protect your APIs from load with throttling and caching
4. Monitor API usage and performance systematically
5. Apply transformations and other logic to API calls
6. Provide a friendly documentation UX for your API customers
7. Centralize your use of external APIs – “reverse API proxying”
9. Azure API Management
[Diagram: the producer's systems (HR, CRM, custom app, workflow engine, …) published through a “single, unified, wonderful REST API” to the consumer's client application]
12. API Mgmt pricing
• Developer edition has all the features, but no SLA
• Standard edition is a bit expensive, but sufficient for most customers
• If you need more data transfer capacity, just pay the data rates
• If you need more API calls, scale up by paying for more units
• If you need geo-distribution, VPN/ER or full Azure AD support, go Premium
14. This is the old administrative experience, i.e. “publisher portal” (or the “Legacy of Apiphany”)
15. This experience is aimed at people using your APIs, i.e. “developer portal”
27. Taxonomy of API publishing so far
API
- A set of endpoints served from a single backend under a URI prefix
Operation
- A single method/path combination, “one action method”
- Documents its interface via request/response, description etc.
28. Adding users into the mix
API
Operation
Product
- Access to a group of APIs
- Is subscribed to by users
Subscription
- Links a single user to a product
- Possibly multiple subscriptions
User
- Account in the developer portal
User Groups
- Control product availability
- E.g. administrators, partners, employees…
45. Some examples of additional policies
• Check HTTP header
• Restrict caller IP
• Validate JWT token
• Conditional backend change
• Retry
• Mask URLs
• Convert between JSON & XML
• Find/replace
• You can also call external services
• … and write C#, using quite a few libraries
46. The base-line
1. Global scope – e.g. error logging
2. Product scope – e.g. throttling
3. API scope – e.g. request/response manipulation
4. Operation scope – e.g. caching
48. Monitoring with Power BI
Bing for:
Azure API Management Power BI Solution template
https://blogs.msdn.microsoft.com/apimanagement/2017/09/27/power-bi-solution-template/
51. What did I ignore for the sake of the demo?
• How do I make sure nobody bypasses API Management?
• It’s really painful to add the APIs by hand
• How do I operate this configuration mess?
52. Securing your backend
[Diagram: Azure API Management in front of Azure App Service, with the options for securing the connection between them]
• IP address restrictions
• Shared secrets
• Client certificates
• Azure AD
• (virtual network)
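An added example, not from the original deck: one API-scope policy that combines the "Restrict caller IP" and "Validate JWT token" policies from slide 45, the scope inheritance from slide 46, and the "shared secrets" option from slide 52. The IP range, tenant and audience placeholders, the X-Backend-Key header name and the backend-shared-secret named value are all assumptions made for illustration.

```xml
<!-- API-scope policy (constructed example). Each <base /> marks where the
     policies of the enclosing scopes (product, then global) are applied. -->
<policies>
  <inbound>
    <base />
    <!-- Restrict caller IP: 203.0.113.0/24 is a documentation range used as a placeholder -->
    <ip-filter action="allow">
      <address-range from="203.0.113.0" to="203.0.113.255" />
    </ip-filter>
    <!-- Validate JWT token: tenant id and audience are placeholders -->
    <validate-jwt header-name="Authorization"
                  failed-validation-httpcode="401"
                  failed-validation-error-message="Unauthorized"
                  require-scheme="Bearer">
      <openid-config url="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/.well-known/openid-configuration" />
      <audiences>
        <audience>api://AUDIENCE-PLACEHOLDER</audience>
      </audiences>
    </validate-jwt>
    <!-- Shared secret toward the backend: any copy of the header sent by the
         caller is overwritten, and the value comes from a named value
         (assumed name) instead of being written into the policy text -->
    <set-header name="X-Backend-Key" exists-action="override">
      <value>{{backend-shared-secret}}</value>
    </set-header>
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

The shared secret only closes the bypass if the App Service backend rejects every request that lacks the expected X-Backend-Key value; combining it with IP address restrictions on the App Service means the header is not the only control.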
58. And finally, how to manage the config…
[Diagram: API Management configuration handled through the Management API, Azure Resource Manager and a Git repository]
59. Summary
• API Management is awesome
• But it’s a bit heavy and complicated – you need to invest both money and brains into it
• There’s a lot I didn’t cover: versioning, SOAP/REST conversions, developer portal customization, blogging…
• Luckily, the documentation is pretty good:
https://docs.microsoft.com/en-us/azure/api-management/
60. Extra tips
• Azure API Management UserVoice:
https://feedback.azure.com/forums/248703-api-management/
• Azure API Management Roadmap:
https://trello.com/b/FAA147vS/azure-api-management-product-roadmap
62. Please do not forget to evaluate the session before you leave by using our Lollipolls!
AND go to Darrel Miller’s API Ecosystem session tomorrow at 10:30 (in this room)!
63. That’s all folks!
Jouni Heikniemi
CEO/Consultant
Offbeat Solutions
Finland
@jouniheikniemi
jouni@offbeat.fi