Below is our architecture
1, Frontend UI
2, Orchestrator Api ( .Net6 Api (App service)
3, Small Api's (.net 6 appservice )
Frontend will only communicate with the Orchestrator Api , Orchestrator APi will communicate with more than 3 or 4 small api for specific data.
We are looking for a solution with managed identity for orchestrator api to talk to small api's with out exchanging token or credentials / any code change in the Api?
since there more apis joining , is it possible at the resource group level instead of setting at each APi level?
is there a way to do this ? please give some pointers or web reference?
Thanks in Advance
Related
So, I was following this tutorial and successfully published the web API to both Azure App Service and Azure API Management. Then (going beyond tutorial) I added a rate-limit policy to the API in API Management service.
I tested it successfully on API management Test tab. However, if I access the App Service route URL (https://***.azurewebsites.net/) it will not throttle.
What am I missing here?
How do I make the policy active for the App Service URL?
Markus Meyer did a good job explaining how it's supposed to be used.
I think that you might benefit from this diagram showing the differences between calling your service through APIM or directly.
"What am I missing here?"
I think you're missing that API Management is a service, totally separate from you App Service. You do not "extend" the features of the App Service with APIM, you instead put APIM infront of your App Service and call your API through APIM to gain the benefits (of rate limiting in this example).
Requests to https://***.azurewebsites.net/ belong to Azure App Service.
If you want to do requests to API Management, the default hostname is azure-api.net:
https://***.azure-api.net/
If you want to use throttling from API Management, you have to the API Management URL like you did in the test tab:
I am planning to deploy multiple applications on Azure kubernetes and each application will have multiple services.
I will have Azure API management in front of the kubernetes services.
As each application will have multiple services, how do I register those services in Azure API management? Would it be one by one? Is there a way to generate swagger document for the kubernetes services and register at once?
If you want to register them as a different services, yes you need to do one by one. But there is a way You can create a single API in API Management that points to multiple different backend APIs. Use the set-backend-service policy to change the backend API for certain operations.
I was wondering how I could connect a mobile app created in ionic to azure, the app needs to interact with Dynamics CRM where all the data is. My guess is that I have to login via Azure AD , get the token, create API endpoints in Azure ( which service? ) or expose them, nd query the endpoint with the token.
Is this the right workflow?
thanx in advance
You're pretty much on the right track. You can host your API in an Azure App Service. You can also secure it by integrating Azure AD with your app service using your token. This tutorial walks through using a front-end and back-end app and securing communication with it. Since your already have a front-end, you can ignore those steps. Although the same is a .NET Core application, the same applies if you were to write your API in NodeJS or another language.
Hope this helps.
I have 2 resource in azure
- azure functions app service that will call "feedback api"
- .net core web app service that has a feedback api controller which should be only available for the function app
I would like to setup [Authorize] attribute in the controller in the way that only azure function will be able to authorise (for example with some generated key).
Is there any out of the box solution for this, and if not how can I add it?
In a multi region azure api management setup there is two different subscription keys for same api. What is the best practice client must use to pass api subscription keys so that api call works properly even if request is processed by any of the apim instance in multiregion setup.
below is response from microsoft
https://feedback.azure.com/forums/248703-api-management/suggestions/34340350-subscription-key-client-should-pass-for-api-deploy