Azure API Management & its new layout changes and enhancements

What is API Management?

Azure API Management (APIM) helps organizations unlock the potential of their data and services by publishing APIs to external partners, and internal developers. Businesses are extending their operations as a digital platform by creating new channels, finding new customers, and driving deeper engagement with existing ones. APIM provides the core competencies to ensure a successful API program through developer engagement, business insights, analytics, security, and protection. You can use APIM to take any backend and launch a full-fledged API program based on it.

To use APIM, administrators define APIs in the portal. Each API consists of one or more operations and can be added to one or more products. To use an API, developers subscribe to a product that contains that API and then call the API’s operation, subject to any usage policies that might be in effect. Common scenarios include:

• Streamlines the process of common tasks necessary for creating an API for external use.
• Tasks include:

- Creating a successful and useful developer portal

• Securing API endpoints from anonymous or unwanted access
• Managing existing developer access through cache mechanisms, throttling, and other policies
• Building a monitoring and analytics platform to diagnose issues and monitor adoption
• Providing business users and developers with deep insights into how each API is specifically used

Some of the terminologies you will hear a lot

1. Back-end API: A HTTP service you implement with your business logic

2. Front-end API: A HTTP service façade hosted by API Management to obfuscate your back-end API

3. Product: One or more APIs, along with a usage quota and terms of use

4. Operation: A specific operation in the Frontend API that correlates to a specific request/response from the back-end API

5. Version: A breaking change to the Frontend API

The existing application will not be required to change its code as you update or change the Frontend API

6. Revision: A nonbreaking change to a Frontend API

7. Developer portal: An interface that developers use to learn about your API and test operations

What is the Subscription(s):

When you publish APIs through API Management, it’s easy and common to secure access to those APIs by using subscription keys. Developers who need to consume the published APIs must include a valid subscription key in HTTP requests when they make calls to those APIs. Otherwise, the calls are rejected immediately by the API Management gateway. They aren’t forwarded to the back-end services.

To get a subscription key for accessing APIs, a subscription is required. A subscription is essentially a named container for a pair of subscription keys. Developers who need to consume the published APIs can get subscriptions. And they don’t need approval from API publishers. API publishers can also create subscriptions directly for API consumers.

Traditionally, subscriptions in API Management were always associated with a single API product scope. Developers found the list of products on the Developer portal. Then they’d submit subscription requests for the products they wanted to use. After a subscription request is approved, either automatically or by API publishers, the developer can use the keys in it to access all APIs in the product.

• Subscriptions tie Developers together with Products

• A Developer will sign up for a subscription to get access to various products
• The subscription will grant the Developer access to subscription keys
• The subscription keys can be used to access specific products

Policies: Collection of statements that are executed sequentially at the request or response of an API. Are a quick way to change the behavior of an API without code changes to the actual back-end API application. A comprehensive list of policy options can be found at API Management policies

(https://docs.microsoft.com/en-us/azure/api-management/api-management-policies)

Azure API Management Installation

Go to Home → On the search window → type “API Management”

While creating Based on your usage please select the appropriate pricing tier

An important point to be considered when you create any new API Management it usually takes close to 20–25mins on avg, this is by Architectural design.

for the first time, the window will something like this

Let's look into a few other important components

1. APIs: APIs are the foundation of an API Management service instance. Each API represents a set of operations available to developers. Each API contains a reference to the back-end service that implements the API, and the map of its operations to the operations implemented by the back-end service. Operations in API Management are highly configurable, with control over URL mapping, query and path parameters, request and response content, and operation response caching. Rate limits, quotas, and IP restriction policies can also be implemented at the API or individual operation level.

there are a few different ways you can create new API’s

• either by clicking on + sign
• either by selecting existing API (WebApp/API service) along with this Microsoft Azure gives you the flexibility to select definitions based on LogicApp & FunctionApp as well.

So as a part of this demo I have already created 1 of the sample Demo WebApp, below is the snippet.

Now you can see I have 5 different operations that are tagged with this WebApp, so let's try to add it.

In order to do so click on APIs → click on + Add API → as this belongs to the family of AppService

After selecting an appropriate web app, a new window will be something like below → Click on Create

Now you can see new API along with few operations which are associated with it will get displayed.

Now we have API and Its operation(s) next task is to test to see if they really show up all operations and works.

SO in order to do so, we have to click on “Developer Portal (legacy)

Click on APIS

Once you click on the required API it will list out all operations.

Now if we want to cross verify with AppService to make sure we are hitting right API and output is correct, then I can simply open https://prademowebapp11.azurewebsites.net/swagger/index.html

Click on Get request and then I can see the same output from there as well.

What are Headers: Headers let the client and the server pass additional information with an HTTP request or response. All together Azure API Management offers 46 different types

Named values: Named values can be used to manage constant string values across all API configurations and policies. One of the best use cases where we use is when you are mapping LogicApps in your API code. That's the place where we add Named Keyvalue/pair and give reference in the code.

Subscriptions: They’re the most common way for API consumers to get access to APIs published through an API Management instance.

Some of the latest additions in Azure API Management.

• portal overview
• Delegation

things you may not see “Cors”

Entire new layout for Deployment and Infrastructure, as well a few new additions here as well such-as “Network Connectivity Status”, “Gateways”, “Locations” (earlier this option was under Overview).

Gateways is a new addition this is mainly if you want to connect across clouds from a single API Management service in Azure as well as with an On-premise environment.

Network Connectivity status is a new feature in APIM we can track all services availability.

below is the snippet from Old API Management

Feel free to provide your comments.