APIM | PDF | Microsoft Azure | Computing

APIM

Document API

Uploaded by

Anh Trần Thế
AZURE API MANAGEMENT (APIM)


DOCUMENT
1. APIM introduction
- API Management is a platform-as-a-service that supports the complete API lifecycle.
- APIs enable digital experiences, simplify application integration, underpin new digital products, and make data and services reusable and universally accessible. With the proliferation and increasing dependency on APIs, organizations need to manage them as first-class assets throughout their lifecycle.
- Azure API Management helps customers meet these challenges:
  o Abstract backend architecture diversity and complexity from API consumers
  o Securely expose services hosted on and outside of Azure as APIs
  o Protect, accelerate, and observe APIs
  o Enable API discovery and consumption by internal and external users
2. APIM scenarios
- Unlocking legacy assets - APIs are used to abstract and modernize legacy backends and make them accessible from new cloud services and modern applications. APIs allow innovation without the risk, cost, and delays of migration.
- API-centric app integration - APIs are easily consumable, standards-based, and self-describing mechanisms for exposing and accessing data, applications, and processes. They simplify and reduce the cost of app integration.
- B2B integration - APIs exposed to partners and customers lower the barrier to integrate business processes and exchange data between business entities. APIs eliminate the overhead inherent in point-to-point integration. Especially with self-service discovery and onboarding enabled, APIs are the primary tools for scaling B2B integration.

3. APIM components: APIM is made up of an API gateway, a management plane, and a developer portal
a. API gateway: All requests from client applications first reach the API gateway, which then forwards them to respective backend services. The API gateway acts as a facade to the backend services, allowing API providers to abstract API implementations and evolve backend architecture without impacting API consumers. The gateway enables consistent configuration of routing, security, throttling, caching, and observability. Specifically, the gateway:
  o Acts as a facade to backend services by accepting API calls and routing them to appropriate backends
  o Verifies API keys and other credentials such as JWT tokens and certificates presented with requests
  o Enforces usage quotas and rate limits
  o Optionally transforms requests and responses as specified in policy statements
  o If configured, caches responses to improve response latency and minimize the load on backend services
  o Emits logs, metrics, and traces for monitoring, reporting, and troubleshooting
b. Management plane: API providers interact with the service through the management plane, which provides full access to the API Management service capabilities. We will use the management plane to:
  o Provision and configure API Management service settings
  o Define or import API schemas from a wide range of sources, including OpenAPI, WSDL, and OData definitions, Azure compute services, and WebSocket, GraphQL, and gRPC backends
  o Package APIs into products
  o Set up policies like quotas or transformations on the APIs
  o Get insights from analytics
  o Manage users
c. Developer portal: The open-source developer portal is an automatically generated, fully customizable website with the documentation of your APIs. Using the developer portal, developers can:
  o Read API documentation
  o Call an API via the interactive console
  o Create an account and subscribe to get API keys
  o Access analytics on their own usage
  o Download API definitions
  o Manage API keys


The sections above describe APIM and its components in detail. Below are the answers to the questions provided in the ticket:
1. How to define a common authentication protocol in APIM and implement it in the APIs?
To define a common authentication protocol in Azure API Management, you can use policies to validate tokens or authenticate with a managed identity. This approach uses OAuth 2.0 authorization with Microsoft Entra ID to protect an API.
- Validate tokens: Use the validate-jwt or validate-azure-ad-token policy to validate a token before the gateway passes the request to the backend.
- Authenticate with a managed identity: Use the authentication-managed-identity policy to obtain an access token from Microsoft Entra ID. The policy then sets the token in the Authorization header.
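An API-scope policy combining the two options from answer 1, as an added example that is not part of the original document. It assumes the API Management instance has a managed identity enabled; every `{placeholder}` and the scope name `Data.Read` are made-up values to replace with your own Entra ID registrations.

```xml
<!-- Added example: all {placeholders} and the Data.Read scope are assumptions. -->
<policies>
  <inbound>
    <base />
    <!-- 1. Reject the call at the gateway unless it carries a valid Entra ID token. -->
    <validate-azure-ad-token tenant-id="{tenant-id}"
                             header-name="Authorization"
                             failed-validation-httpcode="401"
                             failed-validation-error-message="Unauthorized">
      <!-- Accept only tokens issued to these registered client applications. -->
      <client-application-ids>
        <application-id>{client-app-id}</application-id>
      </client-application-ids>
      <!-- The token must have been issued for this API, not for another resource. -->
      <audiences>
        <audience>api://{api-app-id}</audience>
      </audiences>
      <!-- Require a delegated scope; "scp" holds a space-separated list. -->
      <required-claims>
        <claim name="scp" match="any" separator=" ">
          <value>Data.Read</value>
        </claim>
      </required-claims>
    </validate-azure-ad-token>
    <!-- 2. Replace the caller's token with one the gateway obtains for the backend
            using its managed identity; the policy sets the Authorization header. -->
    <authentication-managed-identity resource="api://{backend-app-id}" />
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

With this layout the backend only ever sees the gateway's identity, so it should accept tokens for `api://{backend-app-id}` alone and not be reachable by clients that bypass the gateway.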
2. How to produce Swagger / OpenAPI JSON documentation in each API that is considered valid and recognizable by APIM?
To get valid Swagger / OpenAPI JSON documentation, we need to follow these steps:
- Create a new Web API in .NET 8.0 with OpenAPI enabled.
- Provide OpenAPI documentation in an existing project by installing the Swashbuckle.AspNetCore NuGet package.
- Register some services and add some middleware to the project.
- Enrich the documentation via XML comments and attributes (if needed): generate and read documentation comments (XML), define API responses (HTTP codes and types), define media types (consumed and produced), define filters, define API examples (request and response), ...
- Deploy this website to Azure App Service or in a container. You will get a URL something like this: https://testwebsite.azurewebsites.net?format=json
- Use this URL to import the API into APIM.

3. Environment-specific deployment strategy / procedures, i.e. first deploy the API to a regular App Service, then "register" the API with APIM?
We need to store secret information such as the secret, applicationId, tenantId, ... in Azure Key Vault, and the application will receive this information at startup in Azure App Service. Besides that, we also store environment-dependent information, such as the website URL, in environment variables.
4. API management and discovery in APIM?
To discover APIs in Azure API Management, you can browse the developer portal or use the API Management REST API.
- Developer portal: A web-based portal that lists all available APIs. You can explore APIs, authenticate against them, and view your changes after publishing the portal.
- API Management REST API: You can use this API to programmatically discover APIs.
5. Anything special in APIM with logging / monitoring?
To implement logging and monitoring, we can do the following:
- Use the API analytics in Azure API Management to get the information for logging.
- Use Azure Event Hubs in Azure API Management to log events.
- Use Azure Application Insights integrated with Azure API Management.
- Visualize API Management monitoring data using a Managed Grafana dashboard for monitoring.
In conclusion, we have some questions for you about how APIM will be integrated with the CPData project:
1. Will we use OAuth 2.0 with Microsoft Entra ID as the authentication protocol for APIM? If so, which scenario should be used: client app authorizes directly to the backend, or client app authorizes to API Management? This is the link to this question.
2. Do we need to manage versions and revisions of the API?
3. Will we use the caching mechanism to improve the performance of APIM?
4. Can we describe the format of the OpenAPI documentation? I mean, what format of the OpenAPI documentation will satisfy your expectations?
5. Are there any requirements for the structure of the API project (design patterns, best practices, ...)?
