Friday, 19 July 2019

azure api . -- APIM


Azure APIM is an api gateway, Azure APIM is a platform likes---Apigee.

If you want to make an api ,usually you implement it in java or node, then you deploy it to AWS or Azure or Google cloud, then you will have an api url (with some form of security).

Now you want to have some kind of "protection" on your API .e.g you want to create different api key for different app/user/client. and you also want to have traffic control, you might also want to versioning it as well -- v1, v2. etc.

So APIM can do all of them for you, you just need to focus on implementing your API and then hook it to APIM, let APIM as your gateway. (You will need to do make sure you have some form of security to actually protect your actual API, e.g. only allowed the APIM access your API with cert, ip whitelisting or token etc.)


Create an APIM first:
https://docs.microsoft.com/en-us/azure/api-management/get-started-create-service-instance

Then create a api (mock up)
https://docs.microsoft.com/en-us/azure/api-management/mock-api-responses

Then you can test it from azure portal.

One thing you need to know APIM protected your api with api key which is called subscription.  which means you cannot call the api without it. usually you need to go to api developer portal to create an account and create a key(subscription). However you haven't done that yet, you still can test your api on Azure portal because it automatically created a special key(subscription) for you, this is a supper admin key.



---------
Share your api

Your api is up now. how to share it to the consumers to let them try? you have 2 more things to do:

1. publish the api
2. create api keys for your consumers.

To do that you will need to understand below things:

API developer portal.

As i mentioned, APIM will help you to create api key for different user/app/client, APIM does it very smartly: Once you created your api, APIM will create a website for your api, it is called --- developer portal. This is a portal to developers who want to call your api (not the azure portal).

Like Apigee. However Apigee is  a single and big platform for api consumers. In contrast, APIM create a dedicated platform(portal) for each of your api.


As i mentioned when you were testing your new api with a very special key. you should not share this key to others. what you should do is. share your api portal url to your api consumers. and ask them to create an account then submit an app, then you as an admin approval it and then they can apply for a key.

You can get your portal url here:

which looks like this:

as you can see you already logged in as an admin (if you clicked through from azure portal, because you are the api creator)


You can share this url to the api consumers and ask them to sign up.  then they can login and create an api key here:


You can see 2 products here.

The name is a little bit confusing, but please just consider what kind of api key you want to have.  which can decide what api you can call and how much call you can do (actual more than traffic, you can know more later, this link to your api policies)

then the user will be able to find the key here:



then the user can test the api with the key:






Publish your new API

You may found that the new api you created is not on the developer portal, API consumers(developers) cannot see it, only you as an admin can see it.  how to show the new api to consumers then?

You need to go back to azure portal



You will find above products. same list as we saw on developer portal's products page. Again they are not very clean, very confusing.   it should be somthing like  "API group" or "API group policy".

Basically you need to click one of them and add your new api in it.



after that, developers should be able to see this new api on the developer portal.






No comments:

Post a comment