This course deals with how to deploy, configure, and manage some key aspects of Azure API Management (APIM). In particular, we focus on the authentication mechanism and go into depth about how to set up OAuth 2.0, including creating the required Azure AD application registrations. To help with understanding and troubleshooting the OAuth flow, we utilize Postman to check and validate our configuration.
Next, we take a look at how we can alter API requests at various scopes using API policies. Finally, we look at how to view effective API policies that span multiple scopes and also how to trace API policies during runtime.
Learning Objectives
- Deploy Azure API Management and import an existing API
- Gain an understanding of how to configure authentication against APIM using OAuth 2.0
- Implement API policies against the imported API to alter the API request
- Use Postman to make API requests against APIM and request and use OAuth authorization tokens
- Secure the imported API by requiring a valid Azure AD token
Intended Audience
- People who want to become Azure developers and who design and build cloud solutions
- People preparing for Microsoft’s AZ-203 exam
Prerequisites
Because Azure API Management takes a while to deploy and become usable, we're going to go to the Azure portal and kick off the provisioning process immediately. There is only one blade you need to complete to start the creation of your service, which we can review now.
In this case, we can see a screenshot where I've named it clouddemo, which is appended with the .azure-api.net suffix. I've selected a subscription and a resource group. I've chosen a location and given the company name. I've also entered an email address; this needs to be a valid email, as you will receive emails to it based on the service. And I've selected a pricing tier, which is Developer.
If we look at the pricing details, we can see that the Developer tier costs around 33 dollars a month and contains all the features we need to develop. This includes AAD integration and virtual networks. The things you are short on are things like redundancy: you're only in a single region and you can't scale. However, all the features you need to develop are there for any of the other tiers. Once you go into production, you can change the SKU of your API very easily by selecting a new SKU. So with all this done, let's click Create and we can let the service provision. Once the service is ready, you will receive a notification email.
Matthew Quickenden is a motivated Infrastructure Consultant with over 20 years of industry experience supporting Microsoft systems and other Microsoft products and solutions. He works as a technical delivery lead managing resources, understanding and translating customer requirements and expectations into architecture, and building technical solutions. In recent years, Matthew has been focused on helping businesses consume and utilize cloud technologies with a focus on leveraging automation to rapidly deploy and manage cloud resources at scale.