Credit to Kent Weare – “Protecting Logic Apps using Azure API Management”
Façade – the “front of the building”: callers see one consistent surface and never learn what is implemented behind it
Decouple – reducing dependency on other applications – multiple APIs can be accessed from a single endpoint
Modernize – XML/JSON, security, self service
Optimize -
Middleware
Secure/Protect – securing your APIs with HTTPS, authentication, IP restrictions
Developer access via user login, Azure AD, OAuth, Facebook, security groups
Cache – performance benefit: for a given set of query parameters the gateway caches the result, and another caller using the same query parameters is served the cached response instead of hitting the backend
Monitoring
Usage – partner portal dashboards
Health - dashboards, Azure SLAs
Monetization - https://blogs.msdn.microsoft.com/apimanagement/2016/06/30/how-to-monetize-apis-with-azure-api-management/
Developer
Discover – APIs and apps
Document – API documentation presented to end users; utilising existing WSDL/WADL/Swagger definitions
Complete developer self service – allows self registration, generation of API keys, documentation, etc
Azure API Management (APIM) is provided as a fully managed cloud service. It has three key components.
Publisher portal is used by API publishers, the people who own the APIs, to manage them. On the Publisher portal one can add and edit APIs, configure API policies, view analytics, etc. Metadata and settings entered on the Publisher portal drive both the gateway and the developer portal. Management operations can also be automated through the management API.
Developer portal is turnkey and shows an auto-generated API catalog, interactive documentation and samples. Its look-and-feel and behaviour can be customised to reflect the customer's brand and needs. “Self Service”
Gateway acts as the front door and mediates all requests to your APIs, collecting usage and health data and applying the policies configured via the Publisher portal. It can connect to backends located anywhere and implemented on any technology stack, either directly or via VPN. Towards the backend, the gateway supports both HTTP Basic and mutual (client certificate) authentication.
API Management Publisher Portal
A policy definition is split into sections that run at different points in the request pipeline. The three transformation contexts covered here are inbound, backend and outbound (there is also an on-error section that runs when a policy or the backend call fails):
Inbound
Transforms the request from the client before hitting the backend
Uses:
Authentication
Restrict by IP
Quotas & rate limiting
XML to JSON and vice versa (implement the reverse in outbound)
Backend
Uses:
Forward the request to the backend (forward-request), optionally with retries; note that rewriting the URL path itself (rewrite-uri) is an inbound policy
Outbound
Transforms the response from the backend before it is returned to the client
Uses:
Strip out backend header information (e.g. Server, X-Powered-By or X-AspNet-Version headers that reveal the platform version)
XML to JSON and vice versa (implement the reverse in inbound)
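The policy document below is an added example (not from the original notes or from Kent Weare's talk) showing the three sections working together for one API: authentication and IP restriction inbound, forwarding in the backend section, and header stripping outbound, with a JSON-to-XML conversion inbound and its reverse outbound for a legacy XML backend. The Azure AD tenant ID, the audience and the allowed address range are placeholders, not values from the page.

```xml
<!-- Added example: APIM policy at API scope. Tenant ID, audience and IP range are
     placeholders. <base /> in each section inherits the product- and global-level
     policies, so rules defined higher up (e.g. quotas) still apply. -->
<policies>
    <inbound>
        <base />
        <!-- Authentication: require a bearer token issued by the (placeholder) Azure AD
             tenant and intended for this API; anything else is rejected with 401. -->
        <validate-jwt header-name="Authorization" require-scheme="Bearer"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized">
            <openid-config url="https://login.microsoftonline.com/{tenant-id}/v2.0/.well-known/openid-configuration" />
            <audiences>
                <audience>api://example-backend</audience>
            </audiences>
        </validate-jwt>
        <!-- Restrict by IP: only the partner's (placeholder) range may call this API. -->
        <ip-filter action="allow">
            <address-range from="203.0.113.0" to="203.0.113.255" />
        </ip-filter>
        <!-- Modernisation: clients send JSON, the legacy backend only speaks XML. -->
        <json-to-xml apply="content-type-json" consider-accept-header="false" />
    </inbound>
    <backend>
        <base />
        <!-- Forward to the configured backend with a bounded timeout; do not follow
             redirects, so the backend cannot steer the gateway to another host. -->
        <forward-request timeout="30" follow-redirects="false" />
    </backend>
    <outbound>
        <base />
        <!-- The reverse transformation, so the client sees JSON again. -->
        <xml-to-json kind="direct" apply="always" consider-accept-header="false" />
        <!-- Strip platform-fingerprinting headers emitted by the backend. -->
        <set-header name="Server" exists-action="delete" />
        <set-header name="X-Powered-By" exists-action="delete" />
        <set-header name="X-AspNet-Version" exists-action="delete" />
        <set-header name="X-AspNetMvc-Version" exists-action="delete" />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

The subscription key check (Ocp-Apim-Subscription-Key) needs no policy of its own: the gateway enforces it automatically for any product that requires a subscription, before the inbound section runs. The header deletions in outbound only remove what the backend sends; they do not stop the backend from leaking version information in response bodies or error pages.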
Subscription based limits
Zomato limits their public API access to 1000 calls per day. Higher limits require negotiation.
Key based limits
A subscriber may be allowed 1000 searches per day overall, but only 10 calls per month to a specific operation (e.g. one that fetches full documents)
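As an added example (not from the original notes), the product-scope policy below implements both kinds of limit described above: a subscription-based quota of 1000 calls per day with a tighter 10-per-month quota on one expensive operation, and a key-based rate limit whose counter key is computed from the caller. The API name, operation name and the chosen rate values are placeholders.

```xml
<!-- Added example: APIM policy at product scope (the quota policy is only valid here).
     "Search API" and "Fetch Document" are placeholder API/operation names. Quota
     counters are kept per subscription, so each developer's subscription to this
     product gets its own allowance. renewal-period is in seconds. -->
<policies>
    <inbound>
        <base />
        <!-- Subscription-based limits: 1000 calls per 24 h (86400 s) across the product,
             and only 10 calls per 30 days (2592000 s) on the document-fetch operation.
             Both counters advance on the same request, so a document fetch also
             consumes one of the daily 1000. -->
        <quota calls="1000" renewal-period="86400">
            <api name="Search API" calls="1000" renewal-period="86400">
                <operation name="Fetch Document" calls="10" renewal-period="2592000" />
            </api>
        </quota>
        <!-- Key-based limit: a sliding rate limit keyed on whatever identifies the caller.
             Here the subscription ID is used when present, otherwise the source IP, so
             a burst from one key cannot exhaust the daily quota in seconds. -->
        <rate-limit-by-key calls="20" renewal-period="60"
                           counter-key="@(context.Subscription != null ? context.Subscription.Id : context.Request.IpAddress)" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

When a quota is exhausted the gateway answers 403 with a Retry-After header and the request never reaches the backend; rate-limit-by-key answers 429. The counter-key expression is the part worth reviewing in a real deployment: keying on the source IP alone lets many callers behind one NAT share (and exhaust) a single allowance, and keying on a client-supplied header lets a caller reset the counter at will.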
API Management can be placed behind an Application Gateway to provide load balancing and Web Application Firewall functionality (e.g. detection of SQL injection and other common web attacks) in front of the APIM gateway