CloudAcademy
Configuring Azure API Management

Scenario Outline

The course is part of this learning path

AZ-203 Exam Preparation: Developing Solutions for Microsoft Azure

Overview

Difficulty: Advanced
Duration: 54m
Students: 43

Description

This course deals with how to deploy, configure, and manage some key aspects of Azure API Management (APIM). In particular, we focus on the authentication mechanism and go into depth about how to set up OAuth 2.0, including creating the required Azure AD application registrations. To help with understanding and troubleshooting the OAuth flow, we use Postman to check and validate our configuration. Next, we take a look at how we can alter API requests at various scopes using API policies. Finally, we look at how to view effective API policies that span multiple scopes and how to trace API policies at runtime.

Learning Objectives

  • Deploy Azure API Management and import an existing API
  • Gain an understanding of how to configure authentication against APIM using OAuth 2.0
  • Implement API policies against the imported API to alter the API request
  • Use Postman to make API requests against APIM and request and use OAuth authorization tokens
  • Secure the imported API by requiring a valid Azure AD token

Intended Audience

  • People who want to become Azure developers and who design and build cloud solutions
  • People preparing for Microsoft’s AZ-203 exam

Prerequisites

  • General knowledge of Azure

Transcript

There are a lot of components that make up the configuration of the service. Here we are going to explain what we are going to work through. We have already started the creation of the Clouddemo API in our subscription. Once this completes, we are going to ingest an API provided by Microsoft. This API contains a number of API operations around getting conference data. We will then create a simple API request in Postman. From there we can create the required applications in Azure AD. I've already provisioned an Azure AD called Cyber Labs for this demo, and will expect you to have your own Azure AD or, if you don't have one, to configure it now. In the Azure AD we will create a backend app and a front end app along with a secret key. We will also grant the front end application permission to access the backend app. We will use the Azure Portal, the Developer Portal, and Postman to query the imported Microsoft demo APIs using these applications. We will then add API policies and look at how we can scope and understand effective policy and how to trace these policies. Finally, we will make sure that our API is secure and that requests to the API require a valid access token or bearer token from our Azure AD tenant, which in this case is Cyber Labs.

There are a lot of configuration items throughout this demo that I record into Notepad. To help you, here is all the text. You may just want to copy it from the transcript and fill it out with your specific data as you go through the demos.

https://conferenceapi.azurewebsites.net?format=json
https://clouddemo.azure-api.net/sessions
Starter Subscription Key: 76c24a0abeb94104809b0810f74a20e5
Subscription Header: Ocp-Apim-Subscription-Key

Azure AD Tenant: mycyberlabs.onmicrosoft.com
Azure AD Tenant GUID: fc9f98a5-2d78-4a13-afa4-2ccfe88db15a

Apps
myFrontEndApp ID: 902eef25-668f-4e58-8398-f72a5da893ea
myFrontEndApp Secret Key: QZdqqvNXBxm466IvJd5ociARYInUwNyPbXJuJLP3IyE=
myBackEndApp ID: f9a45df4-6102-4f5c-a855-e2a2cbbab627

Call Back URLs
Postman Call back URL: https://www.getpostman.com/oauth2/callback
https://clouddemo.portal.azure-api.net/signin
https://clouddemo.portal.azure-api.net/docs/services/cyberlabs/console/oauth2/authorizationcode/callback
https://clouddemo.portal.azure-api.net/signin-aad

Endpoints
OAuth 2.0 (v1) Authorization Endpoint: https://login.microsoftonline.com/fc9f98a5-2d78-4a13-afa4-2ccfe88db15a/oauth2/authorize
OAuth 2.0 (v1) Token Endpoint: https://login.microsoftonline.com/fc9f98a5-2d78-4a13-afa4-2ccfe88db15a/oauth2/token
OpenID Connect meta document: https://login.microsoftonline.com/fc9f98a5-2d78-4a13-afa4-2ccfe88db15a/v2.0/.well-known/openid-configuration

V1
https://login.microsoftonline.com/mycyberlabs.onmicrosoft.com/.well-known/openid-configuration

Postman OAuth
https://login.microsoftonline.com/fc9f98a5-2d78-4a13-afa4-2ccfe88db15a/oauth2/authorize?resource=f9a45df4-6102-4f5c-a855-e2a2cbbab627

 

https://login.microsoftonline.com/fc9f98a5-2d78-4a13-afa4-2ccfe88db15a/oauth2/authorize?resource=f9a45df4-6102-4f5c-a855-e2a2cbbab627&response_type=code&client_id=902eef25-668f-4e58-8398-f72a5da893ea&redirect_uri=https://clouddemo.portal.azure-api.net/docs/services/cyberlabs/console/oauth2/authorizationcode/callback&state=6d371201-ec30-4da0-9020-7921682ec40b
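
The authorization request above can be checked against the values recorded in these notes before it is used. The following is an added example, not part of the course material; the function and constant names are assumptions chosen for illustration. It confirms the tenant, client, resource, an exact redirect URI match, and a non-empty `state`.

```python
from urllib.parse import urlsplit, parse_qs

# Values copied from the notes above; the names are chosen for this example.
TENANT_ID = "fc9f98a5-2d78-4a13-afa4-2ccfe88db15a"
FRONTEND_APP_ID = "902eef25-668f-4e58-8398-f72a5da893ea"
BACKEND_APP_ID = "f9a45df4-6102-4f5c-a855-e2a2cbbab627"
PORTAL = "https://clouddemo.portal.azure-api.net"
CONSOLE_CALLBACK = PORTAL + "/docs/services/cyberlabs/console/oauth2/authorizationcode/callback"
REGISTERED_CALLBACKS = {
    "https://www.getpostman.com/oauth2/callback",
    PORTAL + "/signin",
    CONSOLE_CALLBACK,
    PORTAL + "/signin-aad",
}
# The full authorization request from the notes, rebuilt from its parts.
PAGE_REQUEST = (
    f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/authorize"
    f"?resource={BACKEND_APP_ID}&response_type=code&client_id={FRONTEND_APP_ID}"
    f"&redirect_uri={CONSOLE_CALLBACK}&state=6d371201-ec30-4da0-9020-7921682ec40b"
)

def check_authorize_request(url):
    """Return the names of mismatching parts; an empty list means consistent."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)  # blank values are dropped by default

    def single(name):
        # A parameter that is missing, blank or repeated counts as invalid.
        values = query.get(name, [])
        return values[0] if len(values) == 1 else None

    problems = []
    if parts.scheme != "https" or parts.hostname != "login.microsoftonline.com":
        problems.append("host")
    if parts.path != f"/{TENANT_ID}/oauth2/authorize":
        problems.append("tenant or endpoint")
    expected = {"response_type": "code", "client_id": FRONTEND_APP_ID,
                "resource": BACKEND_APP_ID}
    for name, value in expected.items():
        if single(name) != value:
            problems.append(name)
    # Exact match only: a prefix or substring test would accept look-alike hosts.
    if single("redirect_uri") not in REGISTERED_CALLBACKS:
        problems.append("redirect_uri")
    if not single("state"):
        problems.append("state")
    return problems

if __name__ == "__main__":
    print(check_authorize_request(PAGE_REQUEST))
```
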

About the Author

Matthew Quickenden is a motivated Infrastructure Consultant with over 20 years of industry experience supporting Microsoft systems and other Microsoft products and solutions. He works as a technical delivery lead managing resources, understanding and translating customer requirements and expectations into architecture, and building technical solutions. In recent years, Matthew has been focused on helping businesses consume and utilize cloud technologies with a focus on leveraging automation to rapidly deploy and manage cloud resources at scale.