Azure API Management Slidedeck - WordPress.com
Page 1
Azure API Management
Page 3
Agenda
What is API-Management and why do I need it?
Create & Configure
Products
Alternative Authentication
Delegation
Policies & Security
Configuration versioning with GIT
Analytics & Reports
Pricing
Page 4
What is API Management?
Page 5
Azure API Management
Developer Portal
Gateway
Publisher Portal
Applications
Publisher(s)
Developers
Backend Service
ASP.NET, PHP, NodeJS, Java, Ruby, …
Page 6
API Apps & API Management
API Apps
Hosting
Simple Access Control
CORS
Trigger/Action (Logic App)
API Management
Monitor
Throttle
Manipulate
Consolidating
Page 7
DEMO: Create API Management
Up to 60 minutes!
Proxy (name.azure-api.net)
Portal (name.portal.azure-api.net)
Management (name.management.azure-api.net)
SCM (name.scm.azure-api.net)
Page 8
VPN Connection
Page 9
External VPN
Page 10
Internal VPN
Page 11
DEMO: Add an API
Page 12
Products
Product(s)
User(s)
Group(s)
API(s)
Rate limits & quotas
Page 13
DEMO: Create a product
Subscribe to a product
Page 14
Azure Active Directory, FB, Google, …
Using Azure AD to sign up/in to API Management
Azure API Management
Gateway
Developers
Page 15
Delegation
Handle Authentication (SignIn/Up)
Handle Product Subscription
Page 16
Delegation Authentication Process
Management API
Protected WebPage
[Anonymous] || Product Page
My Company Site
Corporate Delegation Handler
Corporate SignUp/In | Product
Corporate Delegation Handler
Protected WebPage
[Authorized]
Developer
Page 17
Policies
Proxy: Middleware Components
Request Destination
Page 18
CORS
*.spectologic.com
*.spectologic.com/api/calc
*.azurewebsites.com/api/calc
API MGMT Gateway
Page 19
DEMO: Add a CORS policy
Page 20
Request Throttling Policies
API MGMT Gateway
Request
Destination
Request
Request
Request
3 requests
Too many requests!
Page 21
DEMO: Throttling Policy
Page 22
Validating JWT-Tokens
API MGMT Gateway
Request Destination
ocp-apim-subscription-key: Subscription Key
Authorization: JWT-Token
Page 23
Properties in policies
Properties: Key/Value Repository
Page 24
DEMO: Validating JWT tokens
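An added example, not taken from the slide deck, of one APIM inbound policy that ties together the CORS, throttling, properties and JWT-validation slides above; the portal origin and the two property names ({{aad-tenant-id}}, {{backend-appid-uri}}) are assumptions.

```xml
<policies>
    <inbound>
        <base />
        <!-- CORS: only the assumed portal origin may call the API from a browser -->
        <cors>
            <allowed-origins>
                <origin>https://portal.spectologic.com</origin>
            </allowed-origins>
            <allowed-methods>
                <method>GET</method>
                <method>POST</method>
            </allowed-methods>
            <allowed-headers>
                <header>Authorization</header>
                <header>Ocp-Apim-Subscription-Key</header>
            </allowed-headers>
        </cors>
        <!-- Throttling: the fourth call within 60 seconds on one subscription is rejected with 429 -->
        <rate-limit calls="3" renewal-period="60" />
        <!-- JWT validation: the bearer token in the Authorization header must be signed with a key
             published in the tenant's OpenID configuration and issued for the backend's AppID-Uri.
             Both values come from properties (assumed names) so no tenant id or URI is hard-coded. -->
        <validate-jwt header-name="Authorization" require-scheme="Bearer"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Missing or invalid token">
            <openid-config url="https://login.microsoftonline.com/{{aad-tenant-id}}/.well-known/openid-configuration" />
            <audiences>
                <audience>{{backend-appid-uri}}</audience>
            </audiences>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Because validate-jwt runs before the call is forwarded, a request without a valid token never reaches the backend service and never counts against its capacity; the subscription key is still required by the product, so both checks apply.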
Page 25
More access restriction policies
Set-Header
Check-Header
IP-Filter
Page 26
HTTP-request policies
Send-One-Way-Request
Send-Request
Return-Response
Page 27
Integrating with SLACK
Page 28
Securing the backend: Client Certificates
Azure API Management
Gateway
Applications
Backend Service
Page 29
Securing APIs with OAuth2 / OpenID Connect
Azure API Management
Gateway
Applications
Backend Service
Azure Active Directory…
Implicit/AuthCode
Developers
Page 30
Securing APIs with AAD - OAuth2
Azure Active Directory
Backend Service
AAD Application
AAD Application
Azure API MGMT: OAuth 2.0 Config
resource = AppID-Uri
Application
Page 31
Securing APIs with AAD - OAuth2
Azure Active Directory
Backend Service
AAD Application: ClientID, Client Secret, AppID-Uri, SignIn/Reply-Uri, AD-Permissions
AAD Application: ClientID, Client Secret, AppID-Uri, SignIn/Reply-Uri, AD-Permissions, App-Permission
Azure API MGMT: OAuth 2.0 Config
resource = AppID-Uri
AAD Application: ClientID, Client Secret, AppID-Uri, SignIn/Reply-Uri, AD-Permissions, App-Permission
Application
Page 32
Caching with API Management
Improving Performance
Page 33
Advanced Caching
Fragment Caching
<cache-lookup-value>
<cache-store-value>
Page 34
API Management GIT-Configuration [Preview]
multiple configuration versions
syncing of multiple tenants (Test / Production)
utilizing git workflow for collaborative editing
text-file based configuration
secrets from properties are kept in database only!
Page 35
API Management GIT-Configuration
Internal API MGMT Database
GIT repository
Modify & Commit
Request to clone config data to GIT
Request to update config data from GIT
Page 36
Analytics & Reports
Page 37
Pricing

| | Developer | Standard | Premium |
|---|---|---|---|
| Price | €1.34 / day (~€41.31 / mo) | €19.02 / day per unit (~€589.51 / mo) | €77.50 / day per unit (~€2,402.48 / mo) |
| API Calls (per unit) | 32 K / day (~1 M / month) | 7 M / day (~217 M / month) | 32 M / day (~1 B / month) |
| Data Transfer (per unit) | 161 MB / day (~5 GB / month) | 32 GB / day (~1 TB / month) | 161 GB / day (~5 TB / month) |
| Cache | 10 MB | 1 GB | 5 GB |
| Scale-out | N/A | 4 units (Contact us for more) | Unlimited |
| SLA | N/A | 99.9% | 99.95% |
| Multi-Region Deployment | No | No | Yes |
| Azure Active Directory Integration | Unlimited User Accounts | No | Unlimited User Accounts |
| VPN | Yes | No | Yes |
| Additional Data Transfers | Standard Data Transfer rates apply | Standard Data Transfer rates apply | Standard Data Transfer rates apply |
Page 38
THANK YOU
Page 39
Resources
Papers
Whitepaper CITO Research - Cloud-based API Management: Harnessing the Power of APIs
Harvard Business Review
General
APIM Overview
Configuration over GIT
Team-Blog of Azure API Management
Logging
How to log to Event Hubs
APIM and Azure Event Hubs Integration
Page 40
Resources
Policies
Send Request and Return Response Policies
Advanced Request Throttling with Azure APIM
APIM How to Policies
APIM Advanced Policies
CORS Policy
Page 41
Resources
Authorization & Delegation
How to authorize developer accounts with AAD
Delegation Process
Pricing
Pricing