What is Azure API Management? Why Should We Use It? What are the benefits? (Part 1)

Azure API Management is a service that allows us to manage all our APIs from one place.

Ufuk Aytaş
Devops Türkiye☁️ 🐧 🐳 ☸️


In the previous article, we examined the issue of Serverless Architecture. You can access it from the link below.

So let’s start…

In recent years, developments in the internet, social media, and mobile have caused a rapid increase in the number of APIs.
APIs are tools that organizations use to connect data and services with customers, employees, and partners. As the number of APIs increases, it also brings challenges around security, performance, manageability, documentation, and so on.

Before examining the API Management Service, let’s talk about why we should use it and what benefits it provides us through an example.

Let’s say we are developing an API for a reservation application. Our API can be consumed by both internal and external applications.
For example, let’s create our API and its endpoints using Azure Functions on the Consumption plan.

So, what will we do if our APIs are used more than we expected, from inside or outside the organization? What if it’s too late when we realize this? When we open our API to the outside world, what do we do if it gets thousands of requests per second? How are we going to handle so many requests on the backend side without any problems? Many questions like these may come to mind.

Serverless applications enable us to run our applications economically with the pay-as-you-go model. If the Consumption plan is selected for our serverless application, it will auto-scale to respond to all requests without any problems, and as a result, we will incur a serious cost. If this is not set up correctly, a serious invoice will be inevitable at the end of the month.

We need to find solutions to some problems when our API starts to be used.

For example:

  • API Security, authentication, and access control
  • Caching
  • Documentation
  • IP restriction
  • Monitoring
  • Versioning
  • Usage statistics
  • Performance
  • etc.

In order to solve these problems, we need to put an API gateway in place and create good documentation before opening our API to the outside world and to developers. Once the APIs are in use, we must monitor them, make the necessary performance improvements, and make sure that the API serves smoothly.

In short, we need to find solutions to these and similar problems in each project. For this, we can use Azure API Management, provided by Microsoft, where we can manage our APIs centrally.

What is Azure API Management?

Azure API Management (APIM) is a fully managed Microsoft solution with which developers can easily expose their APIs to internal and external applications without writing a single line of code. APIM sits in a layer above our backend services and works like a proxy.

With APIM, we can manage our APIs, define policies for publications and usage restrictions for our applications running on the web and cloud. We can easily do all these operations through a central interface.

For more information about my policy definitions;

Azure API Management benefits:

  • Central interface to consolidate and manage thousands of APIs across multiple platforms.
  • Secures access to backend services and APIs with API keys.
  • Caches backend responses if set up.
  • Easy authentication and access control for API security and access.
  • Define end-to-end policies for inbound and outbound traffic.
  • Documentation and publishing
  • Reporting and reviewing usage analytics.
  • Tracking APIs for errors in real-time

Azure API Management components:

Developer Portal

The developer portal provides an auto-generated API catalog, documentation, and code samples. It is the place where API consumers come to find and learn about API details. Developers can find the API key for subscribing to APIs there, and the portal provides a console for testing API endpoints.

API Gateway

The API Gateway resides in a layer above our backend services; it is a frontend that works like a proxy. All requests come to the gateway, which routes them to the appropriate services and returns the results. Authentication, authorization, and restrictions are handled in this layer. When a request passes the validations and limitations, it is forwarded to the backend. The gateway also gives us easy access to features such as caching, logging, request and response transformation, and analytical data.

Azure Portal

It is an interface that allows developers to configure and manage their APIs. It allows us to separate the management of users, analytical data, policy definitions, APIs in different projects as products.

Azure API Management creation.

First, we log in to the Azure Portal and write “API Management” in the search bar.

  1. Resource Group: Select the resource group for the Resource to be created
  2. Region: We select the region for the resource. We continue by choosing “West Europe”, which is the closest region for us.
    Please select the region nearest to you!
  3. Resource Name: We enter the name of the resource. A URL with this name will be created for the APIM.
  4. Pricing Tier: We choose which tier we want to use for pricing. We’ll go with the Consumption plan, which is Lightweight and Serverless in our example.

The Consumption plan is pay-as-you-go and the first 1 million calls are free, but there are some restrictions. For example, features such as the Developer Portal, virtual networks, and auto-scaling are not available in this tier.

You can create only 20 Consumption Plan API Management services in an Azure subscription. Each Consumption tier service can manage up to 50 APIs.

For more information;

We will see a screen like this once the API Management service has been created.

Let’s examine the sections we will use here in order.

  1. Backends: This is the section where we manage the resources our APIs use as backend services. We can define a backend as Custom or Azure Resource.
  2. Named Value: We can think of it as a key-value store. We can keep the values that we use in common here. We can define a named value as Plain text, Secret, or Key Vault.
  3. Subscription: It is the subscription key provided to people who make requests to APIs in order to secure API access. We can choose all APIs, Products, or a specific API when creating a subscription.
  4. Product: This is the section where we can group our APIs and create policies and subscriptions for products.
  5. API: This is the section where we make our API definitions. The endpoint definitions that clients consume through HTTP requests are made within APIs. For example: ListProduct, GetProduct, DeleteProduct.

Policies

The policy definition is an XML document that describes a sequence of inbound and outbound statements per API or per API operation. The XML can be edited directly in the definition window. There are policies like authentication methods, restriction, limit call rate, caching, conversions, and more.

Sample empty policy.

<policies>
    <inbound>
        <base />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

API requests can be authenticated using a subscription key, JSON Web Token (JWT), client certificate, or custom headers. Traffic can also be filtered so that only trusted IP addresses are allowed.

APIM Inbound Policies

For example:
If you want to filter IP addresses, you can use the ip-filter policy. This policy filters (allows/denies) calls from specific IP addresses and/or address ranges.

<ip-filter action="allow | forbid">
    <address>address</address>
    <address-range from="address" to="address" />
</ip-filter>

<ip-filter action="allow">
    <address>13.66.201.169</address>
    <address-range from="13.66.140.0" to="13.66.140.255" />
</ip-filter>

The policy only allows requests coming from either the single IP address or the range of IP addresses specified.
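To check an allow-list before it is saved to a gateway, the decision can be modelled locally. The following Python is an added example, not code from the article or from APIM; the function names and the caller addresses are assumptions made for illustration, and the policy is the article's allow-list with the range start written as 13.66.140.0.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the article's allow-list policy.
POLICY = """
<ip-filter action="allow">
    <address>13.66.201.169</address>
    <address-range from="13.66.140.0" to="13.66.140.255" />
</ip-filter>
"""

def parse_ip_filter(xml_text):
    """Return (action, [(low, high), ...]); each entry is an inclusive range."""
    root = ET.fromstring(xml_text)
    if root.tag != "ip-filter":
        raise ValueError("expected an <ip-filter> element")
    action = root.get("action")
    if action not in ("allow", "forbid"):
        raise ValueError(f"unsupported action: {action!r}")
    ranges = []
    for child in root:
        if child.tag == "address":
            ip = ipaddress.ip_address(child.text.strip())
            ranges.append((ip, ip))
        elif child.tag == "address-range":
            low = ipaddress.ip_address(child.get("from"))
            high = ipaddress.ip_address(child.get("to"))
            if low > high:  # a swapped range would silently match nothing
                raise ValueError(f"inverted range: {low} > {high}")
            ranges.append((low, high))
        else:
            raise ValueError(f"unexpected element: {child.tag}")
    if not ranges:
        raise ValueError("ip-filter lists no addresses")
    return action, ranges

def is_permitted(xml_text, caller_ip):
    """'allow' admits only listed callers; 'forbid' blocks listed callers."""
    action, ranges = parse_ip_filter(xml_text)
    ip = ipaddress.ip_address(caller_ip)
    listed = any(low <= ip <= high for low, high in ranges)
    return listed if action == "allow" else not listed

if __name__ == "__main__":
    # Constructed caller addresses: two listed, two not listed.
    for caller in ("13.66.201.169", "13.66.140.17", "13.66.141.1", "203.0.113.9"):
        print(caller, "->", "pass" if is_permitted(POLICY, caller) else "blocked")
```

Running the same callers against a copy of the policy with action="forbid" shows the inverse decision, which is a quick way to catch an allow-list that was saved with the wrong action.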

Policies can be configured globally or at the scope of a Product, API, or Operation. To begin configuring a policy, you must first select the scope at which the policy should apply.

Policy scopes are evaluated in the following order:

  1. Global scope
  2. Product scope
  3. API scope
  4. Operation scope

Part 1 — Conclusion

Azure API Management provides us with the powerful tools required for end-to-end management of APIs. All components are Azure-hosted and fully managed by default.

We can create modern API gateways for existing back-end services, produce API documentation easily, and define policies and usage restrictions for our applications. Azure API Management lets you transform your APIs on the fly without any code changes.

Please feel free to comment and contact me with your questions.

Twitter: https://twitter.com/ufukaytas
Linkedin: https://www.linkedin.com/in/ufukaytass/
Github: https://github.com/ufukaytas/

Ufuk Aytaş
Devops Türkiye☁️ 🐧 🐳 ☸️

Software Architect & Developer @CorendonDutchAirlines, Husband, Dad, Fishing, Coffee addict :) #Serverless #Cloud, #Azure, #Dotnet