Road To AZ-204 - Implementing API Management

Introduction

This article explains the main skills measured in this sub-topic of the AZ-204 certification. API Management, APIM authentication, and APIM policies are the main components whose fundamentals are explained here, alongside a practical example.

This certification is very extensive and this article covers only the main topics, so make sure you know those components in depth before taking the exam. Another great tip is to use exam simulators before the official exam to validate your knowledge.

What is the Certification AZ-204 - Developing Solutions for Microsoft Azure?

The AZ-204 - Developing Solutions for Microsoft Azure certification measures your skills in designing, building, testing, and maintaining applications and services in the Microsoft Azure cloud environment. It covers, among others, the following components.

  • Azure Virtual Machines
  • Docker
  • Azure Containers
  • Service Web App
  • Azure Functions
  • Cosmos DB
  • Azure Storage
  • Azure AD
  • Azure Key Vault
  • Azure Managed Identities
  • Azure Redis Cache
  • Azure Logic App
  • Azure Event Grid
  • Azure Event Hub
  • Azure Notification Hub
  • Azure Service Bus
  • Azure Queue Storage.

Target Audience

Any IT professional willing to improve their knowledge of Microsoft Azure is encouraged to take this certification; it is a great way to measure your skills with trending technologies. Some groups of professionals, however, are better placed to take maximum advantage of it.

  • Azure Developers, with at least 1 year of experience with Microsoft Azure.
  • Experienced Software Developers, looking for an Architect position in a hybrid environment.
  • Software Developers, working to move applications to the cloud environment.

Skills Measured

As of today, the skills measured in the exam are split as follows.

Benefits of Getting Certified

The main benefit here is having a worldwide recognized certification that proves that you have knowledge of this topic. Among the intrinsic and extrinsic benefits are the following.

  • Higher growth potential, as certifications are a big plus.
  • Discounts and deals in Microsoft products and partners, like PluralSight and UpWork.
  • MCP Newsletters, with trending technologies.
  • Higher exposure on LinkedIn, as recruiters usually search for specific certifications.
  • Higher salary, you will be more valuable to your company.
  • Unique happiness when you get the result and see that you were approved, knowing that all your efforts were worth it.

Main Skills Measured by this Topic
 

What is Azure API Management?

Azure API Management is a product that integrates existing back-end services into modern API gateways. It follows the API-first approach, decoupling front-end and back-end teams with the help of API mocking. Azure API Management handles the full management of your APIs: it centralizes the securing, versioning, documentation, and compliance of your back-end services in a single point.

To better understand API Management and the practical examples that follow, some key concepts need to be explained first.

  • API: represents a set of operations.
  • API Operation: maps an API endpoint to the API backend.
  • Product: formed by a single API or a group of APIs; it is how your APIs are presented to developers. It can be public or private.
  • Backend: represents the back-end services in your API.
  • Group: used to manage the visibility of products to developers.
    • Administrators: have full access to the API Management.
    • Developers: users with access to the developer portal and with permissions to build applications.
    • Guests: users without access to the developer portal but with read permissions in some services.
  • Developer: belongs to one or more groups in a Product; each developer has a primary and a secondary key to call the product's APIs.
  • Policies: configurations and validations applied on the fly to incoming requests and outgoing responses.
  • Named Values: key-value pairs used with policies. Values can be the result of an expression.
  • Gateway: where your API calls are received and policies are applied to incoming requests.
  • Developer Portal: where developers can access all APIs and products listed by your APIM, alongside each API's operations and documentation. Developers can also request access to your APIs from the developer portal.

APIM Authentication

Azure API Management offers basic authentication as the built-in authentication method for your APIs: the developer registers with an email and password to get access to an API key, and this key is then sent in requests to authenticate the requester. Besides the default basic authentication, you can also configure many other types of authentication, such as Azure AD, Google, Microsoft, Facebook, and Azure AD B2C authentication.

Azure API Management also lets you use your own process flow to authenticate users. This is called delegated authentication, and it allows you to use your own sign-in/sign-up and product-subscription flows.

APIM Policies

API Management policies are a powerful tool to update request and response configurations on the fly. With APIM policies you can update basically any part of the request and response messages, such as headers, body, URLs, etc. API Management policies can be applied in 4 different situations, as follows.

  • Inbound Policies are applied to incoming requests.
  • Backend Policies are applied to requests before they hit your backend.
  • Outbound Policies are applied to responses before the response is sent to the client.
  • Error Policies are applied when an error happens on the request. Once an error happens, no other policies are applied, only the error policies; policies that were applied before the error are not removed.

With API Management policies you can configure the incoming request to change the behavior of your APIs through a wide range of possibilities, which can be applied in one or more of the situations listed above, as follows.

  • Access Restriction Policies, like limiting call rates and bandwidth quotas or filtering incoming IPs.
  • Advanced Policies, like logging, setting variables, proxy, HTTP method, status code, etc.
  • Authentication Policies are used for basic, managed identity, and client certificate authentication against the backend.
  • Caching Policies are used to get, set, or remove items from the cache.
  • Cross-domain Policies are used to manage CORS.
  • Transformation Policies transform incoming and outgoing URLs, body, headers, query string, etc.
  • Dapr Integration Policies are used to communicate with the Dapr runtime.

Practical Samples
 

Create an API Management Instance

Observation: API Management instances take around 30 minutes to be activated.

Using Azure CLI

Setting variables

$resourceGroup = "APIM-RG"
$location = "westeurope"
$APIMName = "sampleAPIMClI"
$publisherName = "Thiago"
$publisherMail = "thiago.vivas@***.com"

Creating the APIM

az apim create --name $APIMName --resource-group $resourceGroup --publisher-name $publisherName --publisher-email $publisherMail --no-wait

Result


Using Powershell

Setting variables

$resourceGroup = "APIM-RG"
$location = "westeurope"
$APIMName = "sampleAPIMPowershell"
$publisherName = "Thiago"
$publisherMail = "thiago.vivas@***.com"

Creating the APIM

New-AzApiManagement -Name $APIMName -ResourceGroupName $resourceGroup -Organization $publisherName -AdminEmail $publisherMail -Location $location

Result


Developers Portal


Creating a Product

Every API Management instance comes with two products by default, but you can create custom products. From your API Management, go to Products under APIs and add a new product.


Input your new product data and create it.


Creating an API

By default, every API Management instance comes with an Echo API. To create a new API, go to APIs under APIs and click on Add API.


Here I selected the blank template.


Testing the Echo API

To test the API, you need to sign up and subscribe to a product so that you have the keys to authenticate against the APIs.


Here I am using Postman to test the Get, passing the key in the headers. We can see a 200 success status code.


Creating a Backend

Pre-Requisites

Web-Api Published on Azure App Services. Here we will be using this Web-API named hosted at https://webapiwithswagger.azurewebsites.net.

From your API Management, go to Backends under APIs and add a new Backend.


API management authentication

API Management authentication here is handled by identity providers, and Azure provides a username and password identity provider by default. It handles the creation of users and sends emails to validate an existing account before providing access to users. From your API Management, go to Identities under Developer Portal.


To authenticate with our APIs, we configure these settings under the subscription section. If Subscription required is checked, only users with a valid access key can use the API; if it is not checked, anonymous requests are allowed. Here we also configure where the API receives the access keys, which can be sent as a header or as a query string.


API management policies

Using an outbound policy to cache the response in a Get operation inside the Echo API.
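
The following policy document is an added example, not the policy from the original article. It sketches response caching for a Get operation and shows where policies sit in the four sections described under APIM Policies. The call limit, cache duration, and the removed header are assumed values chosen for illustration.

```xml
<policies>
    <inbound>
        <!-- Run the policies inherited from the product/API scope first -->
        <base />
        <!-- Access restriction (assumed values): 20 calls per 60 seconds per subscription -->
        <rate-limit calls="20" renewal-period="60" />
        <!-- Caching, lookup half: a hit is answered from the cache and the
             backend is not called. vary-by-developer="true" keeps a separate
             cache entry per developer, so a response produced for one
             subscriber is never served to another. -->
        <cache-lookup vary-by-developer="true"
                      vary-by-developer-groups="false"
                      downstream-caching-type="none">
            <vary-by-header>Accept</vary-by-header>
        </cache-lookup>
    </inbound>
    <backend>
        <!-- Forward the request to the configured backend -->
        <base />
    </backend>
    <outbound>
        <base />
        <!-- Transformation: do not expose the backend technology to clients -->
        <set-header name="X-Powered-By" exists-action="delete" />
        <!-- Caching, store half: keep the response for 60 seconds (assumed value).
             Without the cache-lookup in the inbound section, nothing would
             ever be read back from the cache. -->
        <cache-store duration="60" />
    </outbound>
    <on-error>
        <!-- Only these policies run once an error has occurred -->
        <base />
    </on-error>
</policies>
```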


Result

