AZURE API MANAGEMENT - WHY BOTHER?
Jouni Heikniemi
@jouniheikniemi
Azure API Management
HR, CRM, Custom App, Workflow engine, …
Client Application
Single, unified, wonderful REST API
The producer / The consumer
Azure, On-premises, Amazon? Google?
So let’s talk about APIs
Classifying APIs
By intent:
• Data retrieval
• Data modification
• Validation
• Management
By access policy:
• Private in-app
• Internal
• Public
• Commercial
By technology:
• In-process binary
• File-based batch
• TCP/IP
• Web-ready (SOAP/REST)
Azure App Service / Web App
Hey, I know how to do this?
So why do I need API Management?
Six things you might want to do…
1. Publish a single API endpoint for several applications
2. Centralize authentication and authorization
3. Protect your APIs from load with throttling and caching
4. Monitor API usage and performance systematically
5. Apply transformations and other logic to API calls
6. Provide a friendly documentation UX for your API customers
“Tools for the API Economy”
Seven things you might want to do…
1. Publish a single API endpoint for several applications
2. Centralize authentication and authorization
3. Protect your APIs from load with throttling and caching
4. Monitor API usage and performance systematically
5. Apply transformations and other logic to API calls
6. Provide a friendly documentation UX for your API customers
7. Centralize your use of external APIs – “reverse API proxying”
Azure API Management
HR, CRM, Custom App, Workflow engine, …
Client Application
Single, unified, wonderful REST API
The producer / The consumer
API Mgmt pricing
• Developer edition has all the features, but no SLA
• Standard edition is a bit expensive, but sufficient for most customers
• If you need more data transfer capacity, just pay the data rates
• If you need more API calls, scale up by paying for more units
• If you need geo-distribution, VPN/ER or full Azure AD support, go Premium
This is the old administrative experience, i.e. “publisher portal” (or the “Legacy of Apiphany”)
This experience is aimed at people using your APIs, i.e. “developer portal”
Let’s publish an API
Azure App Service
Architecture: Where are we now?
Publisher Portal
Developer Portal
Azure API Management
Adding a new API
No operations – nothing can be called. APIM needs to know the endpoints!
You can be quite specific here – but you don’t have to. APIM cares much less about the content of the requests/responses (for now).
Back to the developer portal…
Can we now call it?
Managing your consumers
Taxonomy of API publishing so far
API
- A set of endpoints served from a single backend under a URI prefix
Operation
- A single method/path combination, “one action method”
- Documents its interface via request/response, description etc.
Adding users into the mix
API
Operation
- Access to a group of APIs
- Is subscribed to by users
Subscription
User
- Links a single user to a product
- Possibly multiple subscriptions
- Account in the developer portal
- Control product availability
- E.g. administrators, partners, employees…
User Groups
Product
Subscribing
Subscribing
Subscribed! Now what?
Getting into it, finally!
Six things you might want to do…
1. Publish a single API endpoint for several applications
2. Centralize authentication and authorization
3. Protect your APIs from load with throttling and caching
4. Monitor API usage and performance systematically
5. Apply transformations and other logic to API calls
6. Provide a friendly documentation UX for your API customers
The Wonderful World of Policies
Forms are a poor man’s substitute for real code (even XML)!
Throttling
What does throttling look like?
Caching
Calling external services in policies
Some examples of additional policies
• Check HTTP header
• Restrict caller IP
• Validate JWT token
• Conditional backend change
• Retry
• Mask URLs
• Convert between JSON & XML
• Find/replace
• You can also call external services
• … and write C#, using quite a few libraries
The base-line
1. Global scope – e.g. error logging
2. Product scope – e.g. throttling
3. API scope – e.g. request/response manipulation
4. Operation scope – e.g. caching
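The scope hierarchy above, as an added example that is not from the original slides: policy XML at two of the four scopes, with `<base />` marking where the parent scope's policies run. The call limit, cache duration and the `department` query parameter are assumed sample values.

```xml
<!-- Product scope: throttle each subscription across all APIs in the product.
     Numbers are assumed sample values. -->
<policies>
    <inbound>
        <base />   <!-- global-scope inbound policies run here -->
        <rate-limit calls="100" renewal-period="60" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />   <!-- e.g. error logging defined at global scope -->
    </on-error>
</policies>

<!-- Operation scope: cache one read-only operation. -->
<policies>
    <inbound>
        <base />   <!-- global, product and API scope run first, so throttling is applied before the cache lookup -->
        <cache-lookup vary-by-developer="true" vary-by-developer-groups="false">
            <vary-by-query-parameter>department</vary-by-query-parameter>
        </cache-lookup>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <cache-store duration="60" />
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

With `vary-by-developer="false"` every caller shares one cached response, so use that only for responses that do not depend on who is calling.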
Monitoring
Monitoring with Power BI
Bing for:
Azure API Management Power BI Solution template
https://blogs.msdn.microsoft.com/apimanagement/2017/09/27/power-bi-solution-template/
You end up deploying this…
Monitoring with Power BI
What did I ignore for the sake of the demo?
• How do I make sure nobody bypasses API Management?
• It’s really painful to add the APIs by hand
• How do I operate this configuration mess?
Securing your backend
Azure API Management
Azure App Service
IP address restrictions
Shared secrets
Client certificates
Azure AD
(virtual network)
Securing your backend by APIM IP
Securing your backend with shared secrets
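One way to apply the shared-secret approach, as an added example that is not from the original slides: an API-scope inbound policy that stamps every forwarded request with a secret the backend checks. The header name `X-Backend-Secret` and the named value `backend-shared-secret` are hypothetical.

```xml
<policies>
    <inbound>
        <base />
        <!-- Do not pass the caller's APIM subscription key on to the backend. -->
        <set-header name="Ocp-Apim-Subscription-Key" exists-action="delete" />
        <!-- Overwrite anything the caller sent under the same name, so only APIM can supply the secret.
             {{backend-shared-secret}} is a hypothetical named value (property) stored in APIM. -->
        <set-header name="X-Backend-Secret" exists-action="override">
            <value>{{backend-shared-secret}}</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

The backend has to reject any request that lacks the header or carries a different value; otherwise a caller who finds the App Service URL can still bypass API Management.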
Securing your backend the enterprise ways
Not using “Add Blank API”
Swashbuckle to the rescue!
And finally, how to manage the config…
API Management
Management API
Azure Resource Manager
Git repository
Summary
• API Management is awesome
• But it’s a bit heavy and complicated – you need to invest both money and brains into it
• There’s a lot I didn’t cover: versioning, SOAP/REST conversions, developer portal customization, blogging…
• Luckily, the documentation is pretty good:
https://docs.microsoft.com/en-us/azure/api-management/
Extra tips
• Azure API Management UserVoice:
https://feedback.azure.com/forums/248703-api-management/
• Azure API Management Roadmap:
https://trello.com/b/FAA147vS/azure-api-management-product-roadmap
Please do not forget to evaluate the session before you leave by using our Lollipolls!
AND go to Darrel Miller’s API Ecosystem session tomorrow at 10:30 (in this room)!
That’s all folks!
Jouni Heikniemi
CEO/Consultant
Offbeat Solutions
Finland
@jouniheikniemi
jouni@offbeat.fi

Azure API Management - why should I care?
