Implement API Gateway using Azure API Management

ALEXANDER LAYSHA, CHIEF SOFTWARE ENGINEER AT EPAM SYSTEMS

Upload: alexander-laysha

Post on 16-Apr-2017


TRANSCRIPT

Page 1: Implement API Gateway using Azure API Management

IMPLEMENT API GATEWAY USING AZURE API MANAGEMENT

ALEXANDER LAYSHA, CHIEF SOFTWARE ENGINEER AT EPAM SYSTEMS

Page 2: Implement API Gateway using Azure API Management

AGENDA

• WHY WE IMPLEMENTED API GATEWAY
• INTRODUCTION TO AZURE API MANAGEMENT
• DESIGN FOR PRICING TIERS
• OVERVIEW OF PUBLISH AND DEVELOPER PORTALS
• POLICY DISCUSSION
• OPTIONS FOR SECURITY

Page 3: Implement API Gateway using Azure API Management

EVOLUTION OF OUR PROJECT

[Diagram, BEFORE / AFTER. Labels: UI, SOAP, MONOLITH APP, REST API 1, REST API 2, REST API N, REST APIs, DEVELOPERS, APPS]

Page 4: Implement API Gateway using Azure API Management

OUR CONCERNS IN API MANAGEMENT

• ACCESS TO PUBLIC & INTERNAL APIs
• VISIBILITY OF APIs TO CUSTOMERS BASED ON PRICING TIER
• CONTROL OF API USAGE BASED ON PRICING TIER
• ANALYTICS OF API USAGE BY CUSTOMERS
• FUTURE NEEDS AND GROWTH PLANS

Page 5: Implement API Gateway using Azure API Management

HOW WE ADDRESSED CONCERNS?

[Diagram, BEFORE / AFTER, with API GATEWAY added. Labels: UI, SOAP, MONOLITH APP, API GATEWAY, REST API 1, REST API 2, REST API N, REST APIs, DEVELOPERS, APPS]

Page 6: Implement API Gateway using Azure API Management

A BIT ABOUT API GATEWAY & HISTORY

[Diagram: API GATEWAY. Labels: SERVICE, TRANSFORMATION, SECURITY, USAGE QUOTAS & LIMITS, MONETIZATION, LOGS, ANALYTICS, DEV SUPPORT, VISIBILITY]

• CREATE API TO EXPOSE BACK-END SERVICES
• ACTS AS REVERSE-PROXY
• VENDORS: Apigee, WSO2, MuleSoft, AWS API Gateway, Azure API Management

Page 7: Implement API Gateway using Azure API Management

INTRO TO AZURE API MANAGEMENT

[Diagram: AZURE API MANAGEMENT. Labels: API, DEVELOPER PORTAL, PUBLISHER PORTAL, PROXY, PUBLISHER / ADMIN, DEVELOPERS, APPS, BACKEND. Note on the diagram: "Can be hosted anywhere: public cloud or on-premises"]

Page 8: Implement API Gateway using Azure API Management

API MANAGEMENT FEATURES

AZURE API MANAGEMENT

DEVELOPER PORTAL
• REGISTRATION
• DOCUMENTATION
• INTERACTIVE API CONSOLE
• DEVELOPER ANALYTICS
• APP GALLERY
• FORUMS
• NEWS
• ISSUES
• WIKI

PUBLISHER PORTAL
• API PUBLISHING
• SUBSCRIPTION MANAGEMENT
• SECURITY
• MEDIATION
• CONTENT PUBLISHING
• SITE CUSTOMIZATION
• ISSUE MANAGEMENT
• ANALYTICS
• REPORTS

PROXY
• SCALING
• CACHING
• MONITORING
• TRAFFIC MANAGEMENT
• TRANSFORMATION

Page 9: Implement API Gateway using Azure API Management

API MANAGEMENT ENTITIES

[Diagram labels: USER, GROUP, PRODUCT (OPEN | PROTECTED), API, RATE LIMITS & QUOTAS]

Page 10: Implement API Gateway using Azure API Management

DEMO: OUR DESIGN FOR PRICING TIERS

[Diagram: CUSTOMER PRODUCTS. Labels:
 Products: TRIAL PRODUCT (PROTECTED), PAID PRODUCT (PROTECTED), SYS PRODUCT (PROTECTED)
 Limits: LIMITS FOR TRIAL, LIMITS FOR PAID, UNLIMITED
 Groups: SYS GROUP, TRIAL GROUP, PAID GROUP, ADMIN GROUP
 Accounts: SYS ACCOUNT, TRIAL ACCOUNT, PAID ACCOUNT, ADMIN ACCOUNT
 APIs: Health Check API, API 1, API 2, API N
 Usage: INTERNAL USE, ADMIN USE, BUSINESS USE]

Page 11: Implement API Gateway using Azure API Management

API MANAGEMENT POLICY

“In Azure API Management, policies are a powerful capability of the system that allow the publisher to change the behavior of the API through configuration. Policies are a collection of Statements that are executed sequentially on the request or response of an API.”

POLICY SCOPES ARE EVALUATED IN THE FOLLOWING ORDER:
• Global scope
• Product scope
• API scope
• Operation scope

Page 12: Implement API Gateway using Azure API Management

POLICY TEMPLATE

<policies>
    <inbound>
        <!-- statements to be applied to the request go here -->
    </inbound>
    <backend>
        <!-- statements to be applied before the request is forwarded to the backend service go here -->
    </backend>
    <outbound>
        <!-- statements to be applied to the response go here -->
    </outbound>
    <on-error>
        <!-- statements to be applied if there is an error condition go here -->
    </on-error>
</policies>

POLICY REFERENCE: https://docs.microsoft.com/en-us/azure/api-management/api-management-policy-reference

Page 13: Implement API Gateway using Azure API Management

HOW TO DEBUG API MANAGEMENT?

• API INSPECTOR TOOL
  HEADER: Ocp-Apim-Trace = true

• EVENT HUB LOGGER
  <log-to-eventhub logger-id='logger-id'>
      @( string.Join(",", DateTime.UtcNow, ...))
  </log-to-eventhub>

Page 14: Implement API Gateway using Azure API Management

DEMO: POLICY TO DOWNLOAD A FILE

[Diagram: file download flow in numbered steps 1 to 6. Components: DEVELOPERS, AZURE API MANAGEMENT (CUSTOM POLICY), AZURE WEB APP, AZURE BLOB STORAGE. Items exchanged: FILE ID, URL + SAS, FILE]

Page 15: Implement API Gateway using Azure API Management

WHAT ARE OPTIONS TO SECURE API?

• SECURITY BY OBSCURITY
• BASIC AUTH
• MUTUAL SSL
• VNET
• OAUTH 2.0
• OPENID

Page 16: Implement API Gateway using Azure API Management

DEMO: OUR DESIGN FOR SECURITY

[Diagram. Components: DEVELOPERS, AZURE API MANAGEMENT, AZURE WEB APPs (API 1 ... API N), BUSINESS PROCESS TO REGISTER NEW CUSTOMER. Credentials shown: SUBSCRIPTION KEY (twice), CERTIFICATION FILE]
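
Added example, not taken from the slides: two policy documents sketching how the pricing-tier design (page 10) and the security design (page 16) could be expressed as Azure API Management policies. The call limits, the thumbprint placeholder, and the reading of the diagram's certificate as the client certificate the gateway presents to the Azure Web Apps are assumptions.

```xml
<!-- Added example with constructed values; not the presenter's configuration. -->

<!-- 1. Product scope: TRIAL PRODUCT. The product is protected, so the gateway
        rejects calls that carry no valid subscription key before these run. -->
<policies>
    <inbound>
        <!-- Run the global-scope inbound statements first -->
        <base />
        <!-- Short-term throttle: 10 calls per 60 seconds per subscription (assumed limit) -->
        <rate-limit calls="10" renewal-period="60" />
        <!-- Long-term cap: 1000 calls per 604800 seconds (7 days) per subscription (assumed limit) -->
        <quota calls="1000" renewal-period="604800" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

<!-- 2. API scope: applied to each API that fronts the Azure Web Apps -->
<policies>
    <inbound>
        <!-- Global and product-scope statements (including the limits above) run here -->
        <base />
        <!-- Present the gateway's client certificate to the back end.
             Placeholder thumbprint: the certificate must first be uploaded
             to the API Management instance. -->
        <authentication-certificate thumbprint="PLACEHOLDER-THUMBPRINT" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

The certificate only protects the back end if the Azure Web Apps require and validate it; otherwise callers who learn the back-end URL can bypass the gateway and its subscription-key and limit checks.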

Page 17: Implement API Gateway using Azure API Management

Q&A