Start course

This course deals with how to deploy, configure, and manage some keys aspects of Azure API management (APIM). In particular, we focus on the authentication mechanism and go into depth about how to set up OAuth 2.0, including creating the Azure AD required application registrations. To help with understanding and troubleshooting the OAuth flow, we utilize Postman to check and validate our configuration.

Next, we take a look at how we can alter API requests at various scopes using API policies. Finally, we look at how to view effective API policies that span multiple scopes and also how to trace API policies during runtime.

Learning Objectives

  • Deploy Azure API Management and import an existing API
  • Gain an understanding of how the configure authentication against APIM using OAuth 2.0
  • Implement API policies against the imported API to alter the API request
  • Use Postman to make API requests against APIM and request and use OAuth authorization tokens
  • Secure the imported API by requiring a valid Azure AD token

Intended Audience



While that's provisioning, let's take a look at what the Azure API Management is. On the Microsoft website if you look up what is API Management, Microsoft defines it as API Management helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services. Businesses everywhere are looking to extend operations as a digital platform, creating new channels, finding new customers, and driving deeper engagement with existing ones. API Management provides the core competencies to ensure a successful API program through developer engagement, business insight, analytics, security, and protection. You can use Azure API Management to take any backend system and develop a fully-fledged API on top of it. 

So what does that mean? Using an API is a very common way to communicate over the internet, allowing your organization to provide services in a secure manner. You can consider APIM as a gateway service that provides a developer portal, a publisher portal, and allows developers, publishers, and applications and users to access all the content and data securely hosted in your own backend systems. 

Using API Management allows developers to easily consume APIs in different formats, including open API, which is an open standard and language agnostic, WADL XML representation of APIs, WSDL, which is SOAP representation of APIs, and other Azure-hosted services like Logic Apps, Function Apps, and API Apps. 

Once you have ingested these APIs, you can create different products, which allows you to deliver parts of these APIs to different user groups with different restrictions and options. When a user or company connects to the API Management service, they obtain a subscription. This subscription is used to help manage incoming requests. Azure API Management also offers a flexible way to version, test, and publish APIs to internal and external users. 

Some of the benefits of the Azure API Management are freedom of language choice, scalable, limit access or the number of calls, offloading security, insights for performance and troubleshooting. 

Now that we have an idea of what the Azure API Management is and can do and before we proceed with configuring the service, let's discuss the scenario of what we're going to try and achieve over the length of this course.

About the Author

Matthew Quickenden is a motivated Infrastructure Consultant with over 20 years of industry experience supporting Microsoft systems and other Microsoft products and solutions. He works as a technical delivery lead managing resources, understanding and translating customer requirements and expectations into architecture, and building technical solutions. In recent years, Matthew has been focused on helping businesses consume and utilize cloud technologies with a focus on leveraging automation to rapidly deploy and manage cloud resources at scale.