Saturday, October 21, 2023

Azure API Management (APIM)

 Azure API Management is a fully managed service that helps developers to securely expose their APIs to external and internal customers. It provides a set of tools and services for creating, publishing, and managing APIs, as well as for enforcing security, scaling, and monitoring API usage.

API management includes a range of features and tools, such as an API gateway, a web-based developer portal, API lifecycle management, monitoring and analytics tools, and security features. 

Azure API Management can be used with a variety of back-end services, such as Azure Functions, Azure Logic Apps, and Azure Virtual Machines, as well as with on-premises and third-party systems. It can help developers to build and manage APIs in a way that is secure, scalable, and easy to use.

Azure API Management architecture and components

Azure API Management consists of an API gateway, a developer portal, and a management plane. These components are fully managed and hosted by Azure. API Management is available in several tiers with differing features and capacity.

APIM system consists of following components,

The API gateway is the endpoint that:
  1. Accepts API calls and routes them to your backends.
  2. Verifies API keys, JWT tokens, certificates, and other credentials.
  3. Enforces usage quotas and rate limits.
  4. Transforms your API on the fly without code modifications.
  5. Caches backend responses were set up.
  6. Logs call metadata for analytics purposes.
The Azure portal is the administrative interface where you set up your API program. Use it to:
  1. Define or import API schema.
  2. Package APIs into products.
  3. Set up policies like quotas or transformations on the APIs.
  4. Get insights from analytics.
  5. Manage users.
The Developer portal serves as the main web presence for developers, where they can:
  1. Read API documentation.
  2. Try out an API via the interactive console.
  3. Create an account and subscribe to get API keys.
  4. Access analytics on their own usage.

How Azure API Management works

Azure API Management works by providing a layer between API clients and the back-end API services that they access. When a client makes a request to an API managed by API Management, the request is first sent to the API Management gateway. The gateway is responsible for enforcing security policies, rate limiting, and other policies on the API.

If the request is allowed by the gateway, it is then forwarded to the back-end API service. The back-end API service processes the request and sends a response back to the API Management gateway, which in turn sends the response back to the client.

API consumers

For API consumers, Azure API Management provides a convenient way to access and use APIs that are managed by the service. When an API consumer wants to use an API managed by API Management, they typically follow these steps:

Find the API: The consumer can discover the API by browsing the developer portal, which is a web-based portal provided by API Management that lists all the available APIs. The consumer can also use the API Management REST API to programmatically discover APIs.

Get API credentials: To use an API, the consumer typically needs to provide some form of credentials, such as an API key or an OAuth token. The consumer can obtain these credentials by signing up for an API Management account and creating an application in the developer portal.

Send a request: The consumer can then send a request to the API by making an HTTP request to the API Management gateway, using the API endpoint and the API credentials. The request is forwarded to the back-end API service, which processes the request and sends a response back to the API Management gateway.

Get a response: The API Management gateway then sends the response back to the consumer. If the request was successful, the response will include the requested data or functionality. If there was an error, the response will include an error code and message.

API providers

For API providers, Azure API Management provides a set of tools and services for building, publishing, and managing APIs. When an API provider wants to use API Management to manage their APIs, they typically follow these steps:

Create an API Management service instance: The API provider needs to create an API Management service instance in the Azure portal. This creates a dedicated API Management environment that the provider can use to manage their APIs.

Define the API: The provider needs to specify the API endpoint, the operations that the API supports, and the request and response formats. The provider can use the API Management portal or the API Management REST API to define the API.

Configure security: The provider configures security for the API by specifying the authentication and authorization methods that the API will use. API Management supports a variety of authentication and authorization methods, including API keys, OAuth, and certificates.

Set up policies: The provider can use policies to specify rules and behaviors for the API. For example, the provider can use policies to set rate limits, transform requests and responses, or cache responses.

Publish the API: The provider can make the API available in the developer portal, which allows developers to discover, learn about, and interact with APIs.

Reference: https://www.solo.io/https://www.c-sharpcorner.com


0 comments:

Post a Comment