Identify requestor which call Internal Azure APIM through External Azure Gateway - azure

I do have external Azure Gateway which allows calling internal API services through internal (not public) APIM.
For billing purpose, I need to know who exactly (IP or some type of IDs) make a call.
I thought that could get this information from APIM logs.
I've tried to send custom header, with some sort of IDs, during API call - but I could not find any meaningful information in APIM diagnostic logs.
Could you please share your thoughts and suggestions, how to achieve the above goal?

You can know the requestor by pulling reports of that particular API management using rest API. Here you get option to filter the reports by User and User-Ids
reference : https://learn.microsoft.com/en-us/rest/api/apimanagement/current-ga/reports/list-by-user

Related

Azure ServiceBus REST API total messages in a queue

I have been following the Azure Service Bus REST API documentation located at https://learn.microsoft.com/en-us/rest/api/servicebus/
I'm required to know the total number of messages in a queue before reading the first message. However, I cannot see a request/command to simply get the total/count number of messages in a given queue.
Is this not possible via the REST API and only available to SDK?
Thanks
You can certainly get this information through REST API. In fact, there are two different REST APIs using which you can get this information.
Using Azure Resource Manager REST API - It is newer and recommended way to work with Service Bus Namespaces. The operation you would want to perform is Queues - Get. The response body will contain the details about the messages count. This API would require you to get an Azure AD access token which is then used for authorization.
Using Old REST API - Though not recommended but you can use old Service Bus REST API to get the information. The operation you would to perform is Get Entity. This API would require you to use your Service Bus Namespace's shared access key for authorization.
Having said this, it is still recommended that you use the SDKs instead of consuming the REST API directly as SDKs are simply wrapper over REST APIs.
Yes you can you need to access it via the management API, more specifically this https://www.nuget.org/packages/Microsoft.Azure.Management.ServiceBus.Fluent/
Here is a great link explaining exactly how to use that package and get the counters you are after
https://www.florinciubotariu.com/retrieving-number-of-messages-in-service-bus-in-net-core/

What is the azure cognitive services speech to text webhook callback IPs to whitelist?

I need to use azure cognitive services (speech to text) behind a corporate firewall. The speech to text batch processing has a callback from azure notifying once the process is complete.
(https://github.com/Azure-Samples/cognitive-services-speech-sdk/tree/master/samples/batch/csharp) - see webhookreceiver.cs
Does anyone know what azure cognitive services IP addresses that needs to be whitelisted on the corporate firewall so that i can receive the callback requests from cognitive services?
The response from the call has a resultsUrls array, which contains channel_1 and channel_0. These URL’s are accessible by anyone.
Also, the GET request from step (Make repeated GET https://centralus.cris.ai/api/speechtotext/v2.0/transcriptions/ to find out when the transcription is complete.) that retrieves the list of results is not secured, allowing with the subscription key to view them.
The URI’s / SAS exchanged are only known to you and the service. If those are not distributed further, no one else will have access.
We will have further options like VNET etc in the near future.

Can Azure Monitor call an external API such that alerts can be broadcasted to external API's?

Folks, I could not find from going through the Azure Monitor documentation whether it is possible for Azure Monitor to make an REST API call to an external API such that the alerts themselves(Not Notifications) captured by Azure Monitor can be broadcasted to external API's.
I do find that Azure Monitor exposes REST API's which are more of a pull scenario. But i am looking for a push scenario where Azure Monitor can push alerts (not notifications)
any pointers should be helpful. Thanks!
You can create alerts with action groups and specify the action type as Webhook and then provide the URI to your API endpoint.

Azure APIM as forward proxy

I am looking for some design guidance in using Azure APIM as a forward proxy between backend services (such as function apps or logic apps) and external clients.
We have a function app that processes invoice requests (for an order previously placed) from a mainframe system, does some transformations and sends them to an external party via HTTP. I have two options with the sending process.
Store external HTTP endpoint as an app setting in function app and let function app send the
transformed message directly to external party.
Send the transformed message to Azure APIM with the external HTTP endpoint set as the backend service (using set-backend-service APIM policy) and let APIM forward it to external party.
Now, are there are any real benefits with the second approach if the requirement is only to forward requests to external party from a security or operational standpoint? There are no requirements to enrich the outgoing message (add or remove headers, modify message body etc).
Personally, all I see is an extra hop with the second approach. But some of my teammates seem to think the second approach can offer some benefits in the way of analytics. There are some metrics available under APIM --> Analytics tab that lets you see the number of successful, failed requests etc. But I think this information is also available to Application Insights tied to the function app.
Just interested to see some insights around this so we can make an informed decision.
I guess using Azure API Management would be an over-engineering in your case, assuming the Azure Function is only going to be the caller of the Azure API Management instance.
Even though Azure API management provides analytics, url-rewrites, transformations, analytics etc - it makes more sense when you use it to govern the API. Ask yourself a question on, how many of the Azure API management functionalities are going to be leveraged fully in your case.
Remember Azure API management by design is an API governance tool where you can perform throttling, monetizing your API by giving access to it to different 3rd party with segregated subscription keys. In my opinion, Azure API management comes into the scene where you need to distribute some API to 3rd party applications, which clearly not in your case.

how can i detect and get email notification of traffic in azure api management

i have question regarding Azure API Management again : ).
i am using API management which is API Gateway doing HTTPS to Azure Storage REST API directly
and is there any way that i cant get email notification when there are massive requests or high latency at response ??
Thanx for reading : )
You can configure alert notifications either in the portal or via the REST API or .NET SDK to monitor for specific Azure Storage Metrics that you want.
See https://azure.microsoft.com/en-us/documentation/articles/insights-receive-alert-notifications/ for more details.
For massive requests, you might want to consider using "TotalRequests" or "TotalBillableRequests" in a specific time period.
For high response latency, you can track "AverageE2ELatency" or "AverageServerLatency" in a specific time period.
See https://azure.microsoft.com/en-us/documentation/articles/storage-monitoring-diagnosing-troubleshooting/#monitoring-performance for more details on these specific metrics and how they relate to performance monitoring.
Hope this helps.
Sriprasad's answer makes sense for configuration from the Storage side. From the API Management side, you cannot currently set a notification on any event other than the built-in ones (subscription requests, new subscriptions, application gallery requests, new issues/comments, approaching of user subscription quota limit).
You can use Log-To-Eventhub policy to log a message to event hub for every request and consume it in a custom or third party solution like AppInsights/Runscopee to fire an alert.
Refer
https://azure.microsoft.com/en-us/documentation/articles/api-management-log-to-eventhub-sample/
If your requirement is to get report/metrics from API Management you can use the management rest api's for APIM.
https://msdn.microsoft.com/en-us/library/dn781421.aspx
Specifically you might want to look at reportByAPI (which gives you useful metrics in response like callcounts, apiTimeAvg) based on which you can setup alerts/email notification.
https://msdn.microsoft.com/en-us/library/dn781421.aspx#ReportByAPI

Resources