Configuring Azure API Management

This course deals with how to deploy, configure, and manage some keys aspects of Azure API management (APIM). In particular, we focus on the authentication mechanism and go into depth about how to set up OAuth 2.0, including creating the Azure AD required application registrations. To help with understanding and troubleshooting the OAuth flow, we utilize Postman to check and validate our configuration.

Next, we take a look at how we can alter API requests at various scopes using API policies. Finally, we look at how to view effective API policies that span multiple scopes and also how to trace API policies during runtime.

Learning Objectives

  • Deploy Azure API Management and import an existing API
  • Gain an understanding of how the configure authentication against APIM using OAuth 2.0
  • Implement API policies against the imported API to alter the API request
  • Use Postman to make API requests against APIM and request and use OAuth authorization tokens
  • Secure the imported API by requiring a valid Azure AD token

Intended Audience



Welcome to configuring Azure API Management. My name is Matthew Quickenden, and I am going to be guiding you through some of the key features and aspects of configuring the Azure API Management resource. I have over 20 years industry experience and have recently been working with cloud and hybrid cloud technologies, with a specific focus on Azure and Azure Stack. If you have any questions, feel free to connect with me on LinkedIn, or send an email to

This course is intended for people who want to become a certified Azure developer, or who are tasked with creating and managing an Azure API Management resource. To get the most out of this course, you should have a general understanding of Microsoft Azure and be able to deploy and manage resources. Being familiar with restful APIs and having some experience using Postman and an understanding of OAuth token flow would be useful, but not essential. For this course, you do not need any knowledge of any specific development languages. 

We are going to look at what Azure API Management is and what it can do, and we will create an instance in Azure. Once we have this instance, we will look at various ways we can secure the APIs and apply policies during different stages of an API request. We will use Postman to help access and consume the service external to the Azure Portal. 

By the end of this course, you should be able to set up an instance of Azure's API Management, secure it using OAuth endpoints, apply policies to alter API requests and responses and be able to troubleshoot and trace policies being applied. Your feedback on this course is important, so please give it a rating when you're finished. Let's get started.

About the Author

Matthew Quickenden is a motivated Infrastructure Consultant with over 20 years of industry experience supporting Microsoft systems and other Microsoft products and solutions. He works as a technical delivery lead managing resources, understanding and translating customer requirements and expectations into architecture, and building technical solutions. In recent years, Matthew has been focused on helping businesses consume and utilize cloud technologies with a focus on leveraging automation to rapidly deploy and manage cloud resources at scale.