Start course

This course deals with how to deploy, configure, and manage some keys aspects of Azure API management (APIM). In particular, we focus on the authentication mechanism and go into depth about how to set up OAuth 2.0, including creating the Azure AD required application registrations. To help with understanding and troubleshooting the OAuth flow, we utilize Postman to check and validate our configuration.

Next, we take a look at how we can alter API requests at various scopes using API policies. Finally, we look at how to view effective API policies that span multiple scopes and also how to trace API policies during runtime.

Learning Objectives

  • Deploy Azure API Management and import an existing API
  • Gain an understanding of how the configure authentication against APIM using OAuth 2.0
  • Implement API policies against the imported API to alter the API request
  • Use Postman to make API requests against APIM and request and use OAuth authorization tokens
  • Secure the imported API by requiring a valid Azure AD token

Intended Audience



Azure API Management provides a rich set of features to manage, control, and publish your content. During this presentation, we have published our own API using an existing API from Microsoft. We have focused on using OAuth as a method to protect your API. Using Postman has allowed us to set up and consume this service external to the Azure portal tooling. And finally, we used Azure API policies to manipulate responses. 

There are many other areas worth investigating, from using your own custom domains, using revisions and a Git repository to version and control the release of API functionality, using application insights to help track and troubleshoot performance, also creating alerts. I hope you found this content useful and it helps you create and consume your own APIs.

About the Author

Matthew Quickenden is a motivated Infrastructure Consultant with over 20 years of industry experience supporting Microsoft systems and other Microsoft products and solutions. He works as a technical delivery lead managing resources, understanding and translating customer requirements and expectations into architecture, and building technical solutions. In recent years, Matthew has been focused on helping businesses consume and utilize cloud technologies with a focus on leveraging automation to rapidly deploy and manage cloud resources at scale.