What is APIM?
API Management (APIM) is a way to create consistent and modern API gateways for existing back-end services.
API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services.
An APIM system consists of the following components:
- The API gateway is the endpoint that:
  - Accepts API calls and routes them to your backends.
  - Verifies API keys, JWT tokens, certificates, and other credentials.
  - Enforces usage quotas and rate limits.
  - Transforms your API on the fly without code modifications.
  - Caches backend responses where set up.
  - Logs call metadata for analytics purposes.
- The Azure portal is the administrative interface where you set up your API program. Use it to:
  - Define or import API schema.
  - Package APIs into products.
  - Set up policies like quotas or transformations on the APIs.
  - Get insights from analytics.
  - Manage users.
- The Developer portal serves as the main web presence for developers, where they can:
  - Read API documentation.
  - Try out an API via the interactive console.
  - Create an account and subscribe to get API keys.
  - Access analytics on their own usage.
What is Product in APIM?
Products are how APIs are surfaced to developers. Products in API Management have one or more APIs, and are configured with a title, description, and terms of use. Products can be Open or Protected. Protected products must be subscribed to before they can be used, while open products can be used without a subscription. When a product is ready for use by developers, it can be published. Once it is published, it can be viewed (and in the case of protected products subscribed to) by developers. Subscription approval is configured at the product level and can either require administrator approval or be auto-approved. We have used Product in the demo of this article.
What are Groups?
Groups are used to manage the visibility of products to developers. API Management has the following immutable system groups:
- Administrators - Azure subscription administrators are members of this group. Administrators manage API Management service instances, creating the APIs, operations, and products that are used by developers.
- Developers - Authenticated developer portal users fall into this group. Developers are the customers that build applications using your APIs. Developers are granted access to the developer portal and build applications that call the operations of an API.
- Guests - Unauthenticated developer portal users, such as prospective customers visiting the developer portal of an API Management instance, fall into this group. They can be granted certain read-only access, such as the ability to view APIs but not call them.
Let’s start by creating the APIM service.
We are selecting ‘Basic Tier’ for this demo; the price for ‘Basic Tier’ is ‘$0.21/hour’. While creating the APIM service, the portal asks for an admin email address to which all communication will be sent. You can find more details about tiers, pricing, and features here: https://azure.microsoft.com/en-us/pricing/details/api-management/
We are not opting in to Application Insights logging, so we have turned this feature off.
For the Basic tier, only 2 scale-out units are supported. If you need more, choose a higher tier accordingly.
Here we can turn on ‘System assigned Managed Identity’; this will help us access Azure cloud services without storing any credentials in the application.
APIM does not support virtual networks in the Basic tier. If the application needs a ‘Virtual Network’ to be configured, please choose a higher tier.
Once the APIM resource is deployed, its overview looks as below. This display gives us information about the pricing tier, added APIs, users, subscriptions, etc.
For this demo, I have created one web API, which I have deployed to an Azure web app.
Web API Code
Azure web app
Result of web app
APIM provides multiple ways to add APIs, as below. Let’s add the app service created above.
We can see our APIs are added to APIM and can be accessed using the APIM domain URL.
APIM provides a number of filters for both inbound and outbound traffic. Let’s add an inbound policy to set a call rate limit on the API, as below.
As per the above policy, when there is more than one call to this API within 60 seconds, it will return the response below.
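The rate limit described above, written out as an APIM policy document. This is an added example, not the article's own policy text: the `calls` and `renewal-period` values follow the description above, and the commented-out `rate-limit-by-key` variant is an assumption showing how calls could be counted per caller IP instead of per subscription.

```xml
<!-- API-scope policy document (added illustration; values follow the text above) -->
<policies>
    <inbound>
        <!-- Apply policies inherited from the enclosing scopes (product, global) first -->
        <base />
        <!-- Allow 1 call per 60-second window, counted per subscription.
             Calls over the limit are rejected with 429 Too Many Requests. -->
        <rate-limit calls="1" renewal-period="60" />
        <!-- Alternative (assumption): when callers are not identified by a
             subscription key, count per caller IP address instead.
        <rate-limit-by-key calls="1" renewal-period="60"
                           counter-key="@(context.Request.IpAddress)" />
        -->
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```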
We implemented the above policy for a single API, but what if we need to implement the same set of policies on multiple APIs? Here, Product comes into the picture.
We can see that our APIM service has two APIs added, as below. (The Echo API was created by default when we created the APIM service.)
We have removed all existing policies from both APIs; now let’s create one product.
Now, in the Product, we can assign a policy.
Now we can add our APIs under this product.
We can validate this from the API as well.
We can see the product policy is implemented for both APIs.
Whenever we create a Product, APIM creates one dedicated subscription along with it.
This subscription is associated with the product, and in the settings of the Product there is an option to make a subscription mandatory for accessing its APIs. If we tick this option, accessing the APIs under this product requires passing the subscription key along with the request.
Now, as we can see, the API returns an error response when we call it without a subscription key.
So, we can get the subscription key from the Subscription and send it along with the request, as below.
I hope this article helps you understand the end-to-end implementation of the APIM service.
Thanks for reading this article. Please share your comments and reviews.
Happy Coding.