Skip to main content

Azure API Management - An introduction (Part 1)

Is there an API for that?

If you've worked for a SaaS vendor, I'm fairly certain that at some point you've been asked this question. For most apps today, integration is no longer a should-have but a must-have requirement.

As a developer we love writing amazing json:api compliant REST endpoints that expose app functionality BUT we often neglect the realities of hosting these endpoints in a production-ready state.

This is where Azure API Management comes in. Here's the pitch from Microsoft:

Azure API Management as a turnkey solution for publishing APIs to external and internal customers. Quickly create consistent and modern API gateways for existing back-end services hosted anywhere, secure and protect them from abuse and overuse, and get insights into usage and health. Plus, automate and scale developer on-boarding to help get your API program up and running. 

What is it?

  • Serves as a proxy that sits between your back-end services/apis & the calling apps
  • Essentially a common facade on top of existing apis
  • This "intermediate layer" allows you to quickly create consistent and modern API gateways for existing back-end services hosted anywhere
  • Turnkey solution for publishing apis to external and internal consumers.

Why use Azure API Management?

  • Perfect way to easily package & publish your existing back-end apis
  • Allows easy developer on-boarding (serves as a self-service portal)
    • Ramp-up uptake with docs, samples & an api console
    • Provide API documentation and an interactive console
    • Allows API discoverability
  • Enhance back end services by
    • Throttle, rate limit and quota your APIs
    • Monitor health of your APIs and quickly identify errors
    • Gain analytic insights on how your APIs are being used
  • Allows managing your service via the Azure portal, REST API, PowerShell, or Git repository

I will be writing a series of posts to cover this topic, stay tuned ..

- Part 1: Azure API Management - An introduction
- Part 2: Azure API Management - Your back-end api
- Part 3: Azure API Management - Creating a gateway & exposing your api
- Part 4: Azure API Management - Add rate limiting & consuming the api
- Part 5: Azure API Management - Add security
- Part 6: Azure API Management - Using REST APIs to manage your APIm (using postman)
- Part 7: Azure API Management - Auto-publish your APIs to APIm using Azure DevOps, Postman & Newman


Popular posts from this blog

Internet Information Services(IIS) reveals its real or internal IP Address

In the ever changing world of global data communications, inexpensive Internet connections, and fast-paced software development, security is becoming more and more of an issue. Security is now a basic requirement because global computing is inherently insecure.

Keeping that in mind, we recently ran our flagship product through a security audit. It was such a helpful exercise in tying-off any remaining lose ends in our application in terms of application security. 
Based on the security audit report, there was a relatively minor issue that appeared when accessing the /images directory of our application. Turns out that the Location response header of the 301 request returns an Internal IP address. The issue is detailed below.

Issue reportedInternet Information Services (IIS) may reveal its real or internal IP address in the Location header via a request to the /images directory. The value returned whilst pen testing is

The riskInformation regarding internal IP add…

C# Console app that displays twitter feed using Linq To Twitter (using Single User Authorization)

I recently had to add a twitter feed to my existing ASP.NET MVC 4 application. All I had to do was pull the last 10 tweets for a given user. It took me a while (shamefully, 3 hours) to get it working so I thought of writing a simple tutorial that explains how to pull a twitter feed for a console app using LINQ to Twitter.

LINQ to Twitter is an open source 3rd party LINQ Provider for the Twitter micro-blogging service. It uses standard LINQ syntax for queries and includes method calls for changes via the Twitter API
What took me long to figure out was the way twitter has implemented authentication using OAuth. Before you do anything, make sure you read the Learning to use OAuth document.
In my example, I used Single User Authorization. Single User Authorization is designed for scenarios where you'll only ever have one account accessing Twitter. i.e. if your Web site does periodic Twitter updates, regardless of user or you have a server that monitors general information. 
Before we be…

Unit Testing HttpContext.Current.Session in MVC3 .NET

We recently changed some functionality where during the "CREATE" process, we go through a wizard to save application data. This data is saved only to the session in the final step when the user clicks the final submit.

This was easy enough to implement but when I started writing unit tests for my static methods that Add, Update, Delete or Modify the contents of our application data in the session, I got the following error:
System.NullReferenceException: Object reference not set to an instance of an object.

Turns out I had forgotten to setup the HttpContext.
The following "TestInitialise" method fixed my problem :)

public void TestSetup()
// We need to setup the Current HTTP Context as follows:

// Step 1: Setup the HTTP Request
var httpRequest = new HttpRequest("", "http://localhost/", "");

// Step 2: Setup the HTTP Response
var httpResponce = new HttpResponse(new StringWriter());

// Step 3: Se…