SlideShare a Scribd company logo

Azure API Management - why should I care?

J
Jouni Heikniemi

An introduction to how Azure API Management works and what are the benefits you can expect from using it.

1 of 63
AZURE API MANAGEMENT - WHY BOTHER? Jouni Heikniemi @jouniheikniemi
Azure API Management HR CRM Custom App Workflow engine … Client Application Single, unified, wonderful REST API The producer The consumer Azure On-premises Amazon? Google?
So let’s talk about APIs
Classifying APIs By intent: Data retrieval Data modification Validation Management By access policy: Private in-app Internal Public Commercial By technology: In-process binary File-based batch TCP/IP Web-ready (SOAP/REST)
Azure App Service / Web App Hey, I know how to do this?
So why do I need API Management?
Six things you might want to do… 1. Publish a single API endpoint for several applications 2. Centralize authentication and authorization 3. Protect your APIs from load with throttling and caching 4. Monitor API usage and performance systematically 5. Apply transformations etc. logic on API calls 6. Providing a friendly documentary UX for your API customers “Tools for the API Economy”
Six Seven things you might want to do… 1. Publish a single API endpoint for several applications 2. Centralize authentication and authorization 3. Protect your APIs from load with throttling and caching 4. Monitor API usage and performance systematically 5. Apply transformations etc. logic on API calls 6. Providing a friendly documentary UX for your API customers 7. Centralize your use of external APIs – “reverse API proxying”
Azure API Management HR CRM Custom App Workflow engine … Client Application Single, unified, wonderful REST API The producer The consumer
Azure API Management - why should I care?
Azure API Management - why should I care?
API Mgmt pricing • Developer edition has all the features, but no SLA • Standard edition is a bit expensive, but sufficient for most customers • If you need more data transfer capacity, just pay the data rates • If you need more API calls, scale up by paying for more units • If you need geo-distribution, VPN/ER or full Azure AD support, go Premium
Azure API Management - why should I care?
This is the old administrative experience, i.e. “publisher portal” (or the “Legacy of Apiphany”)
This experience is aimed at people using your APIs, i.e. “developer portal”
Let’s publish an API
Azure API Management - why should I care?
Azure App Service Architecture: Where are we now? Publisher Portal Developer Portal Azure API Management
Adding a new API
Azure API Management - why should I care?
No operations – nothing can be called. APIM needs to know the endpoints!
You can be quite specific here – but you don’t have to. APIM cares much less about the content of the requests/responses (for now).
Back to the developer portal…
Azure API Management - why should I care?
Can we now call it?
Managing your consumers
Taxonomy of API publishing so far API Operation - A set of endpoints served from a single backend under an URI prefix - A single method/path combination, “one action method” - Documents its interface via request/response, description etc.
Adding users into the mix API Operation - Access to a group of APIs - Is subscribed to by users Subscription User - Links a single user to a product - Possibly multiple subscriptions - Account in the developer portal - Control product availability - E.g. administrators, partners, employees… User Groups Product
Azure API Management - why should I care?
Azure API Management - why should I care?
Subscribing
Subscribing
Subscribed! Now what?
Getting into it, finally!
Six things you might want to do… 1. Publish a single API endpoint for several applications 2. Centralize authentication and authorization 3. Protect your APIs from load with throttling and caching 4. Monitor API usage and performance systematically 5. Apply transformations etc. logic on API calls 6. Providing a friendly documentary UX for your API customers
The Wonderful World of Policies
Azure API Management - why should I care?
Azure API Management - why should I care?
Forms are a poor man’s substitute for real code (even XML)!
Azure API Management - why should I care?
Throttling
What does throttling look like?
Caching
Calling external services in policies
Some examples of additional policies • Check HTTP header • Restrict caller IP • Validate JWT token • Conditional backend change • Retry • Mask URLs • Convert between JSON & XML • Find/replace • You can also call external services • … and write C#, using quite a few of libraries
The base-line 1. Global scope – e.g. error logging 2. Product scope – e.g. throttling 3. API scope – e.g. request/response manipulation 4. Operation scope – e.g. caching
Monitoring
Monitoring with Power BI Bing for: Azure API Management Power BI Solution template https://blogs.msdn.microsoft.com/apimanagement/2017/09/27/power-bi-solution-template/
You end up deploying this…
Monitoring with Power BI
What did I ignore for the sake of the demo? • How do I make sure nobody bypasses API Management? • It’s really painful to add the APIs by hand • How do I operate this configuration mess?
Securing your backend Azure API Management Azure App Service IP address restrictions Shared secrets Client certificates Azure AD (virtual network)
Securing your backend by APIM IP
Securing your backend with shared secrets
Securing your backend the enterprise ways
Not using “Add Blank API”
Swashbuckle to the rescue!
And finally, how to manage the config… API Management Management API Azure Resource Manager Git repository
Summary • API Management is awesome • But it’s a bit heavy and complicated – you need to invest both money and brains into it • There’s a lot I didn’t cover: versioning, SOAP/REST conversions, developer portal customization, blogging… • Luckily, the documentation is pretty good: https://docs.microsoft.com/en-us/azure/api-management/
Extra tips • Azure API Management UserVoice: https://feedback.azure.com/forums/248703-api-management/ • Azure API Management Roadmap: https://trello.com/b/FAA147vS/azure-api-management-product- roadmap
Azure API Management - why should I care?
Please do not forget to evaluate the session before you leave by using our Lollipolls! AND go to Darrel Miller’s API Ecosystem session tomorrow at 10:30 (in this room)!
That’s all folks! Jouni Heikniemi CEO/Consultant Offbeat Solutions Finland @jouniheikniemi jouni@offbeat.fi
Ad

Recommended

API as-a-Product with Azure API Management (APIM)
API as-a-Product with Azure API Management (APIM)API as-a-Product with Azure API Management (APIM)
API as-a-Product with Azure API Management (APIM)
Bishoy Demian
 
Secure and Optimize APIs using Azure API Management
Secure and Optimize APIs using Azure API ManagementSecure and Optimize APIs using Azure API Management
Secure and Optimize APIs using Azure API Management
BizTalk360
 
Azure api management
Azure api managementAzure api management
Azure api management
JoTechies
 
Azure API Management Update
Azure API Management UpdateAzure API Management Update
Azure API Management Update
BizTalk360
 
API Management in Azure
API Management in AzureAPI Management in Azure
API Management in Azure
Tomasso Groenendijk
 
Azure API Management
Azure API ManagementAzure API Management
Azure API Management
jeremysbrown
 
Microsoft Azure Api Management
Microsoft Azure Api ManagementMicrosoft Azure Api Management
Microsoft Azure Api Management
Vinícius Batista de Souza
 
Api management 101
Api management 101Api management 101
Api management 101
Michael Stephenson
 
Azure API management dive deep GAB2017
Azure API management dive deep GAB2017Azure API management dive deep GAB2017
Azure API management dive deep GAB2017
Jorge Arteiro
 
Build 2017 - P4034 - Agile app development with Azure API Management
Build 2017 - P4034 - Agile app development with Azure API ManagementBuild 2017 - P4034 - Agile app development with Azure API Management
Build 2017 - P4034 - Agile app development with Azure API Management
Windows Developer
 
Azure API Management
Azure API ManagementAzure API Management
Azure API Management
Daniel Toomey
 
Azure API Management - Global Azure Bootcamp 2019
Azure API Management - Global Azure Bootcamp 2019Azure API Management - Global Azure Bootcamp 2019
Azure API Management - Global Azure Bootcamp 2019
Sam Fernando
 
Azure API Apps
Azure API AppsAzure API Apps
Azure API Apps
BizTalk360
 
Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...
Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...
Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...
Tom Kerkhove
 
Implement API Gateway using Azure API Management
Implement API Gateway using Azure API ManagementImplement API Gateway using Azure API Management
Implement API Gateway using Azure API Management
Alexander Laysha
 
I Love APIs 2015: Scaling Mobile-focused Microservices at Verizon
I Love APIs 2015: Scaling Mobile-focused Microservices at VerizonI Love APIs 2015: Scaling Mobile-focused Microservices at Verizon
I Love APIs 2015: Scaling Mobile-focused Microservices at Verizon
Apigee | Google Cloud
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
Apigee | Google Cloud
 
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Nordic APIs
 
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
Nordic APIs
 
Azure app services API apps
Azure app services API appsAzure app services API apps
Azure app services API apps
Panagiotis Tsilopoulos
 
Intro to Azure Api Management - With Cats
Intro to Azure Api Management - With CatsIntro to Azure Api Management - With Cats
Intro to Azure Api Management - With Cats
Xamariners
 
Best Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & EfficientBest Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & Efficient
Nordic APIs
 
How Apigee Api Management Platform Helps with Digital Excellence
How Apigee Api Management Platform Helps with Digital ExcellenceHow Apigee Api Management Platform Helps with Digital Excellence
How Apigee Api Management Platform Helps with Digital Excellence
Ram Kumar
 
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays
 
Node.js - Extending the Programmability of Apigee Edge
Node.js - Extending the Programmability of Apigee Edge Node.js - Extending the Programmability of Apigee Edge
Node.js - Extending the Programmability of Apigee Edge
Apigee | Google Cloud
 
Public API
Public APIPublic API
Public API
Amir Zuker
 
Serverless integration - Logic Apps the most comprehensive integration service
Serverless integration - Logic Apps the most comprehensive integration serviceServerless integration - Logic Apps the most comprehensive integration service
Serverless integration - Logic Apps the most comprehensive integration service
BizTalk360
 
Integrating saas applications
Integrating saas applicationsIntegrating saas applications
Integrating saas applications
Luca Mauri
 
MuleSoft Surat Meetup#39 - Pragmatic API Led Connectivity
MuleSoft Surat Meetup#39 - Pragmatic API Led ConnectivityMuleSoft Surat Meetup#39 - Pragmatic API Led Connectivity
MuleSoft Surat Meetup#39 - Pragmatic API Led Connectivity
Jitendra Bafna
 
What’s behind a high quality web API? Ensure your APIs are more than just a ...
What’s behind a high quality web API? Ensure your APIs are more than just a ...What’s behind a high quality web API? Ensure your APIs are more than just a ...
What’s behind a high quality web API? Ensure your APIs are more than just a ...
Kim Clark
 
Ad

More Related Content

What's hot (20)

Azure API management dive deep GAB2017
Azure API management dive deep GAB2017Azure API management dive deep GAB2017
Azure API management dive deep GAB2017
Jorge Arteiro
 
Build 2017 - P4034 - Agile app development with Azure API Management
Build 2017 - P4034 - Agile app development with Azure API ManagementBuild 2017 - P4034 - Agile app development with Azure API Management
Build 2017 - P4034 - Agile app development with Azure API Management
Windows Developer
 
Azure API Management
Azure API ManagementAzure API Management
Azure API Management
Daniel Toomey
 
Azure API Management - Global Azure Bootcamp 2019
Azure API Management - Global Azure Bootcamp 2019Azure API Management - Global Azure Bootcamp 2019
Azure API Management - Global Azure Bootcamp 2019
Sam Fernando
 
Azure API Apps
Azure API AppsAzure API Apps
Azure API Apps
BizTalk360
 
Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...
Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...
Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...
Tom Kerkhove
 
Implement API Gateway using Azure API Management
Implement API Gateway using Azure API ManagementImplement API Gateway using Azure API Management
Implement API Gateway using Azure API Management
Alexander Laysha
 
I Love APIs 2015: Scaling Mobile-focused Microservices at Verizon
I Love APIs 2015: Scaling Mobile-focused Microservices at VerizonI Love APIs 2015: Scaling Mobile-focused Microservices at Verizon
I Love APIs 2015: Scaling Mobile-focused Microservices at Verizon
Apigee | Google Cloud
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
Apigee | Google Cloud
 
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Nordic APIs
 
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
Nordic APIs
 
Azure app services API apps
Azure app services API appsAzure app services API apps
Azure app services API apps
Panagiotis Tsilopoulos
 
Intro to Azure Api Management - With Cats
Intro to Azure Api Management - With CatsIntro to Azure Api Management - With Cats
Intro to Azure Api Management - With Cats
Xamariners
 
Best Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & EfficientBest Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & Efficient
Nordic APIs
 
How Apigee Api Management Platform Helps with Digital Excellence
How Apigee Api Management Platform Helps with Digital ExcellenceHow Apigee Api Management Platform Helps with Digital Excellence
How Apigee Api Management Platform Helps with Digital Excellence
Ram Kumar
 
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays
 
Node.js - Extending the Programmability of Apigee Edge
Node.js - Extending the Programmability of Apigee Edge Node.js - Extending the Programmability of Apigee Edge
Node.js - Extending the Programmability of Apigee Edge
Apigee | Google Cloud
 
Public API
Public APIPublic API
Public API
Amir Zuker
 
Serverless integration - Logic Apps the most comprehensive integration service
Serverless integration - Logic Apps the most comprehensive integration serviceServerless integration - Logic Apps the most comprehensive integration service
Serverless integration - Logic Apps the most comprehensive integration service
BizTalk360
 
Integrating saas applications
Integrating saas applicationsIntegrating saas applications
Integrating saas applications
Luca Mauri
 
Azure API management dive deep GAB2017
Azure API management dive deep GAB2017Azure API management dive deep GAB2017
Azure API management dive deep GAB2017
Jorge Arteiro
 
Build 2017 - P4034 - Agile app development with Azure API Management
Build 2017 - P4034 - Agile app development with Azure API ManagementBuild 2017 - P4034 - Agile app development with Azure API Management
Build 2017 - P4034 - Agile app development with Azure API Management
Windows Developer
 
Azure API Management
Azure API ManagementAzure API Management
Azure API Management
Daniel Toomey
 
Azure API Management - Global Azure Bootcamp 2019
Azure API Management - Global Azure Bootcamp 2019Azure API Management - Global Azure Bootcamp 2019
Azure API Management - Global Azure Bootcamp 2019
Sam Fernando
 
Azure API Apps
Azure API AppsAzure API Apps
Azure API Apps
BizTalk360
 
Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...
Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...
Azure Lowlands 2020 - API management for microservices in a hybrid and multi-...
Tom Kerkhove
 
Implement API Gateway using Azure API Management
Implement API Gateway using Azure API ManagementImplement API Gateway using Azure API Management
Implement API Gateway using Azure API Management
Alexander Laysha
 
I Love APIs 2015: Scaling Mobile-focused Microservices at Verizon
I Love APIs 2015: Scaling Mobile-focused Microservices at VerizonI Love APIs 2015: Scaling Mobile-focused Microservices at Verizon
I Love APIs 2015: Scaling Mobile-focused Microservices at Verizon
Apigee | Google Cloud
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
Apigee | Google Cloud
 
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Nordic APIs
 
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
Nordic APIs
 
Azure app services API apps
Azure app services API appsAzure app services API apps
Azure app services API apps
Panagiotis Tsilopoulos
 
Intro to Azure Api Management - With Cats
Intro to Azure Api Management - With CatsIntro to Azure Api Management - With Cats
Intro to Azure Api Management - With Cats
Xamariners
 
Best Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & EfficientBest Practices for API Design to Keep Your App Secure, Scalable & Efficient
Best Practices for API Design to Keep Your App Secure, Scalable & Efficient
Nordic APIs
 
How Apigee Api Management Platform Helps with Digital Excellence
How Apigee Api Management Platform Helps with Digital ExcellenceHow Apigee Api Management Platform Helps with Digital Excellence
How Apigee Api Management Platform Helps with Digital Excellence
Ram Kumar
 
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays LIVE Hong Kong 2021 - Automating the API Product Lifecycle by Jeremy ...
apidays
 
Node.js - Extending the Programmability of Apigee Edge
Node.js - Extending the Programmability of Apigee Edge Node.js - Extending the Programmability of Apigee Edge
Node.js - Extending the Programmability of Apigee Edge
Apigee | Google Cloud
 
Public API
Public APIPublic API
Public API
Amir Zuker
 
Serverless integration - Logic Apps the most comprehensive integration service
Serverless integration - Logic Apps the most comprehensive integration serviceServerless integration - Logic Apps the most comprehensive integration service
Serverless integration - Logic Apps the most comprehensive integration service
BizTalk360
 
Integrating saas applications
Integrating saas applicationsIntegrating saas applications
Integrating saas applications
Luca Mauri
 

Similar to Azure API Management - why should I care? (20)

MuleSoft Surat Meetup#39 - Pragmatic API Led Connectivity
MuleSoft Surat Meetup#39 - Pragmatic API Led ConnectivityMuleSoft Surat Meetup#39 - Pragmatic API Led Connectivity
MuleSoft Surat Meetup#39 - Pragmatic API Led Connectivity
Jitendra Bafna
 
What’s behind a high quality web API? Ensure your APIs are more than just a ...
What’s behind a high quality web API? Ensure your APIs are more than just a ...What’s behind a high quality web API? Ensure your APIs are more than just a ...
What’s behind a high quality web API? Ensure your APIs are more than just a ...
Kim Clark
 
API Services: Building State-of-the-Art APIs
API Services: Building State-of-the-Art APIsAPI Services: Building State-of-the-Art APIs
API Services: Building State-of-the-Art APIs
Apigee | Google Cloud
 
Creating a World-Class RESTful Web Services API
Creating a World-Class RESTful Web Services APICreating a World-Class RESTful Web Services API
Creating a World-Class RESTful Web Services API
David Keener
 
Transformation through the API
Transformation through the APITransformation through the API
Transformation through the API
Alex Danvy
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentesters
Inon Shkedy
 
Azure APIM Presentation to understand about.pptx
Azure APIM Presentation to understand about.pptxAzure APIM Presentation to understand about.pptx
Azure APIM Presentation to understand about.pptx
pythagorus143
 
Business Applications Integration In The Cloud
Business Applications Integration In The CloudBusiness Applications Integration In The Cloud
Business Applications Integration In The Cloud
Anna Brzezińska
 
The ultimate api checklist by Blendr.io
The ultimate api checklist by Blendr.ioThe ultimate api checklist by Blendr.io
The ultimate api checklist by Blendr.io
Blendr.io
 
Elevating AI Workflows: Integrating Azure API Management and Azure Functions ...
Elevating AI Workflows: Integrating Azure API Management and Azure Functions ...Elevating AI Workflows: Integrating Azure API Management and Azure Functions ...
Elevating AI Workflows: Integrating Azure API Management and Azure Functions ...
Callon Campbell
 
Developing Apps with Azure AD
Developing Apps with Azure ADDeveloping Apps with Azure AD
Developing Apps with Azure AD
SharePointRadi
 
Continuous API Strategies for Integrated Platforms
Continuous API Strategies for Integrated Platforms Continuous API Strategies for Integrated Platforms
Continuous API Strategies for Integrated Platforms
Bill Doerrfeld
 
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays
 
AWS Serverless API Management - Meetup
AWS Serverless API Management - MeetupAWS Serverless API Management - Meetup
AWS Serverless API Management - Meetup
Samuel Vandecasteele
 
Chris Mathias Presents Advanced API Design Considerations at LA CTO Forum
Chris Mathias Presents Advanced API Design Considerations at LA CTO ForumChris Mathias Presents Advanced API Design Considerations at LA CTO Forum
Chris Mathias Presents Advanced API Design Considerations at LA CTO Forum
Chris Mathias
 
Serverless API with Azure Functions
Serverless API with Azure FunctionsServerless API with Azure Functions
Serverless API with Azure Functions
Analben Mehta
 
Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0
sflynn073
 
Accidental API developer - the 12 month pregnancy to create new API
Accidental API developer - the 12 month pregnancy to create new APIAccidental API developer - the 12 month pregnancy to create new API
Accidental API developer - the 12 month pregnancy to create new API
Marjukka Niinioja
 
JOSA TechTalks - RESTful API Concepts and Best Practices
JOSA TechTalks - RESTful API Concepts and Best PracticesJOSA TechTalks - RESTful API Concepts and Best Practices
JOSA TechTalks - RESTful API Concepts and Best Practices
Jordan Open Source Association
 
Lessons learned on the Azure API Stewardship Journey.pptx
Lessons learned on the Azure API Stewardship Journey.pptxLessons learned on the Azure API Stewardship Journey.pptx
Lessons learned on the Azure API Stewardship Journey.pptx
apidays
 
MuleSoft Surat Meetup#39 - Pragmatic API Led Connectivity
MuleSoft Surat Meetup#39 - Pragmatic API Led ConnectivityMuleSoft Surat Meetup#39 - Pragmatic API Led Connectivity
MuleSoft Surat Meetup#39 - Pragmatic API Led Connectivity
Jitendra Bafna
 
What’s behind a high quality web API? Ensure your APIs are more than just a ...
What’s behind a high quality web API? Ensure your APIs are more than just a ...What’s behind a high quality web API? Ensure your APIs are more than just a ...
What’s behind a high quality web API? Ensure your APIs are more than just a ...
Kim Clark
 
API Services: Building State-of-the-Art APIs
API Services: Building State-of-the-Art APIsAPI Services: Building State-of-the-Art APIs
API Services: Building State-of-the-Art APIs
Apigee | Google Cloud
 
Creating a World-Class RESTful Web Services API
Creating a World-Class RESTful Web Services APICreating a World-Class RESTful Web Services API
Creating a World-Class RESTful Web Services API
David Keener
 
Transformation through the API
Transformation through the APITransformation through the API
Transformation through the API
Alex Danvy
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentesters
Inon Shkedy
 
Azure APIM Presentation to understand about.pptx
Azure APIM Presentation to understand about.pptxAzure APIM Presentation to understand about.pptx
Azure APIM Presentation to understand about.pptx
pythagorus143
 
Business Applications Integration In The Cloud
Business Applications Integration In The CloudBusiness Applications Integration In The Cloud
Business Applications Integration In The Cloud
Anna Brzezińska
 
The ultimate api checklist by Blendr.io
The ultimate api checklist by Blendr.ioThe ultimate api checklist by Blendr.io
The ultimate api checklist by Blendr.io
Blendr.io
 
Elevating AI Workflows: Integrating Azure API Management and Azure Functions ...
Elevating AI Workflows: Integrating Azure API Management and Azure Functions ...Elevating AI Workflows: Integrating Azure API Management and Azure Functions ...
Elevating AI Workflows: Integrating Azure API Management and Azure Functions ...
Callon Campbell
 
Developing Apps with Azure AD
Developing Apps with Azure ADDeveloping Apps with Azure AD
Developing Apps with Azure AD
SharePointRadi
 
Continuous API Strategies for Integrated Platforms
Continuous API Strategies for Integrated Platforms Continuous API Strategies for Integrated Platforms
Continuous API Strategies for Integrated Platforms
Bill Doerrfeld
 
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays LIVE Paris 2021 - Lessons from the API Stewardship Journey in Azure b...
apidays
 
AWS Serverless API Management - Meetup
AWS Serverless API Management - MeetupAWS Serverless API Management - Meetup
AWS Serverless API Management - Meetup
Samuel Vandecasteele
 
Chris Mathias Presents Advanced API Design Considerations at LA CTO Forum
Chris Mathias Presents Advanced API Design Considerations at LA CTO ForumChris Mathias Presents Advanced API Design Considerations at LA CTO Forum
Chris Mathias Presents Advanced API Design Considerations at LA CTO Forum
Chris Mathias
 
Serverless API with Azure Functions
Serverless API with Azure FunctionsServerless API with Azure Functions
Serverless API with Azure Functions
Analben Mehta
 
Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0
sflynn073
 
Accidental API developer - the 12 month pregnancy to create new API
Accidental API developer - the 12 month pregnancy to create new APIAccidental API developer - the 12 month pregnancy to create new API
Accidental API developer - the 12 month pregnancy to create new API
Marjukka Niinioja
 
JOSA TechTalks - RESTful API Concepts and Best Practices
JOSA TechTalks - RESTful API Concepts and Best PracticesJOSA TechTalks - RESTful API Concepts and Best Practices
JOSA TechTalks - RESTful API Concepts and Best Practices
Jordan Open Source Association
 
Lessons learned on the Azure API Stewardship Journey.pptx
Lessons learned on the Azure API Stewardship Journey.pptxLessons learned on the Azure API Stewardship Journey.pptx
Lessons learned on the Azure API Stewardship Journey.pptx
apidays
 
Ad

Recently uploaded (20)

Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Ad

Azure API Management - why should I care?

  • 1. AZURE API MANAGEMENT - WHY BOTHER? Jouni Heikniemi @jouniheikniemi
  • 2. Azure API Management HR CRM Custom App Workflow engine … Client Application Single, unified, wonderful REST API The producer The consumer Azure On-premises Amazon? Google?
  • 3. So let’s talk about APIs
  • 4. Classifying APIs By intent: Data retrieval Data modification Validation Management By access policy: Private in-app Internal Public Commercial By technology: In-process binary File-based batch TCP/IP Web-ready (SOAP/REST)
  • 5. Azure App Service / Web App Hey, I know how to do this?
  • 6. So why do I need API Management?
  • 7. Six things you might want to do… 1. Publish a single API endpoint for several applications 2. Centralize authentication and authorization 3. Protect your APIs from load with throttling and caching 4. Monitor API usage and performance systematically 5. Apply transformations etc. logic on API calls 6. Providing a friendly documentary UX for your API customers “Tools for the API Economy”
  • 8. Six Seven things you might want to do… 1. Publish a single API endpoint for several applications 2. Centralize authentication and authorization 3. Protect your APIs from load with throttling and caching 4. Monitor API usage and performance systematically 5. Apply transformations etc. logic on API calls 6. Providing a friendly documentary UX for your API customers 7. Centralize your use of external APIs – “reverse API proxying”
  • 9. Azure API Management HR CRM Custom App Workflow engine … Client Application Single, unified, wonderful REST API The producer The consumer
  • 12. API Mgmt pricing • Developer edition has all the features, but no SLA • Standard edition is a bit expensive, but sufficient for most customers • If you need more data transfer capacity, just pay the data rates • If you need more API calls, scale up by paying for more units • If you need geo-distribution, VPN/ER or full Azure AD support, go Premium
  • 14. This is the old administrative experience, i.e. “publisher portal” (or the “Legacy of Apiphany”)
  • 15. This experience is aimed at people using your APIs, i.e. “developer portal”
  • 18. Azure App Service Architecture: Where are we now? Publisher Portal Developer Portal Azure API Management
  • 21. No operations – nothing can be called. APIM needs to know the endpoints!
  • 22. You can be quite specific here – but you don’t have to. APIM cares much less about the content of the requests/responses (for now).
  • 23. Back to the developer portal…
  • 25. Can we now call it?
  • 27. Taxonomy of API publishing so far API Operation - A set of endpoints served from a single backend under an URI prefix - A single method/path combination, “one action method” - Documents its interface via request/response, description etc.
  • 28. Adding users into the mix API Operation - Access to a group of APIs - Is subscribed to by users Subscription User - Links a single user to a product - Possibly multiple subscriptions - Account in the developer portal - Control product availability - E.g. administrators, partners, employees… User Groups Product
  • 34. Getting into it, finally!
  • 35. Six things you might want to do… 1. Publish a single API endpoint for several applications 2. Centralize authentication and authorization 3. Protect your APIs from load with throttling and caching 4. Monitor API usage and performance systematically 5. Apply transformations etc. logic on API calls 6. Providing a friendly documentary UX for your API customers
  • 39. Forms are a poor man’s substitute for real code (even XML)!
  • 42. What does throttling look like?
  • 45. Some examples of additional policies • Check HTTP header • Restrict caller IP • Validate JWT token • Conditional backend change • Retry • Mask URLs • Convert between JSON & XML • Find/replace • You can also call external services • … and write C#, using quite a few of libraries
  • 46. The base-line 1. Global scope – e.g. error logging 2. Product scope – e.g. throttling 3. API scope – e.g. request/response manipulation 4. Operation scope – e.g. caching
  • 48. Monitoring with Power BI Bing for: Azure API Management Power BI Solution template https://blogs.msdn.microsoft.com/apimanagement/2017/09/27/power-bi-solution-template/
  • 49. You end up deploying this…
  • 51. What did I ignore for the sake of the demo? • How do I make sure nobody bypasses API Management? • It’s really painful to add the APIs by hand • How do I operate this configuration mess?
  • 52. Securing your backend Azure API Management Azure App Service IP address restrictions Shared secrets Client certificates Azure AD (virtual network)
  • 53. Securing your backend by APIM IP
  • 54. Securing your backend with shared secrets
  • 55. Securing your backend the enterprise ways
  • 56. Not using “Add Blank API”
  • 58. And finally, how to manage the config… API Management Management API Azure Resource Manager Git repository
  • 59. Summary • API Management is awesome • But it’s a bit heavy and complicated – you need to invest both money and brains into it • There’s a lot I didn’t cover: versioning, SOAP/REST conversions, developer portal customization, blogging… • Luckily, the documentation is pretty good: https://docs.microsoft.com/en-us/azure/api-management/
  • 60. Extra tips • Azure API Management UserVoice: https://feedback.azure.com/forums/248703-api-management/ • Azure API Management Roadmap: https://trello.com/b/FAA147vS/azure-api-management-product- roadmap
  • 62. Please do not forget to evaluate the session before you leave by using our Lollipolls! AND go to Darrel Miller’s API Ecosystem session tomorrow at 10:30 (in this room)!
  • 63. That’s all folks! Jouni Heikniemi CEO/Consultant Offbeat Solutions Finland @jouniheikniemi [email protected]