So, I have an API in Azure-API-Management, which is attached to a function. I want to expose one the method in API as Web-hook for another application CRM. It will be an inbound web-hook.
Is it possible ?
A webhook endpoint is like any other HTTP endpoint that usually expects a POST request from an external system. So, yes.
Depending on the CRM Application, you could leverage APIMs built-in security features to authenticate the webhook call without having to validate credentials in your function as a bonus for using APIM.
Related
I want to execute the signup user-flow in Azureb2c from an ASP.NET Core Web API instead of executing it from our frontend app. To achieve this I found an approach of using API connector.
The documentation of API-Connector says
You can use API connectors to integrate your sign-up user flows with REST APIs to customize the sign-up experience and integrate with external systems
I assume with this explanation that I can execute a user-flow defined in AzureB2C for signin-signup from a Web API as a Http Request. What that is not clear is how the API connector actually work. When we still are in development phase and want to execute the API-Connector (and execute the user-flow via this), what type of http request we are supposed to send? Will it contain the Id/password we had defined when creating the API-Connector along with the user-details that needs to be passed to signup user-flow? What the URL which we had added when creating the API-Connector will be used for?
Unfortunately there is not much data available on API-Connector apart from the Azure official documentation, which I felt a bit confusing.
I want to call this url:
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}/runs/{runName}/actions/{actionName}/requestHistories?api-version=2016-06-01
In order to do so:
Do I need to set up an API through API Management in the portal? Or can I call it directly?
Can it be called directly from a Single Page (Web) App? Or will it have CORS issues?
Do I need to register the web domain/app in order to do so?
The URL you are trying to call is part of Azure REST Management API. There are certain things that you would need to do before you can call these APIs. The steps are very well documented here: https://learn.microsoft.com/en-us/rest/api/azure/.
To answer your specific questions:
Do I need to set up an API through API Management in the portal? Or
can I call it directly?
You can call these APIs directly. No need to set up API management to do so.
Can it be called directly from a Single Page (Web) App? Or will it
have CORS issues?
You should be able to call these APIs directly from a SPA. You should not encounter CORS issues.
Do I need to register the web domain/app in order to do so?
No, as such there is not need to do so unless you are planning on calling these APIs from a web application. You can very well call these APIs from a console application if you like.
I'm trying to build a microservice architecture. I've learned some benefits of API gateway like: load balancing, invoking multiple microservices and aggregating the results, cache management etc. So I decided to include it in my system.
My question is whether I should implement authorization in gateway layer or separately in each microservice endpoints ? For example authenticating user on gateway and passing user claims in decrypted form to be used in authorization logic to each service call ?
It seems like it make sense and saves processing time to authorize some aggregates before even calling each service. However, authorization logic is really a concern of individual service.
What is your advice ?
each microservices endpoint. implementing the authorization in API gateway will make your system rigid. If at any later stage you have to separate logic for authorization (say, internal user, external user, open api). This will be very difficult to incorporate.
Authorization should happen at each API level.
You can use API Gateway Pattern / API Gateway. Then you can also offload the authentication/authorization responsibility of the microservice. It will be easy for user or developer that is calling the services. API GW support External /Internal GW even. It may support Role base permissions. eg: WSO2 APIM.
You will get below advantages when you have API /MS GW:
An API Gateway is the single point of entry for any microservice call.
It can work as a proxy service to route a request to the concerned microservice.
It can aggregate the results to send back to the consumer.
This solution can create a fine-grained API for each specific type of client.
It can also convert the protocol request and respond.
I'm trying to expose my SOAP service as REST using azure API management SOAP to REST feature.
The WS imports, exposes my services and works fine, but all generated REST services are exposed with POST verb. When i try to change to verb GET the method GetUsers, for example, the content does not load (I receive an OK, but without content). When i try keeping the method with the POST verb, the content loads.
Is this possible? Can i change a HTTP verb from a originally SOAP service that was exposed as REST using Azure Management API?
Thanks.
You should be able to resolve that by adding set-method policy, so that when APIM receives GET request it changes method to POST before forwarding it to backend.
Add this to your API Management policy
<set-method>POST</set-method>
I tried to implement custom Authentication via a authentication endpoint in an azure mobile app. I've created an Api Controller, that creates the Jwt using Azures AppServiceLoginHandler.CreateToken method. When I post to this controller with turned off Azure App Service Authentication, I get a token, but when I want to use it later, I always receive a "401 Unauthorized".
But when I turn the setting on in the Azure Portal, and send the very same request
I get:
The requested resource does not support http method 'GET'.
I'm not changing any code, and I'm certainly using a POST request - The exact same request, that works with turned off App Service Authentication.
My Code is essentially the same as here:
https://www.newventuresoftware.com/blog/custom-authentication-with-azure-mobile-apps
Could someone enlighten me here? Do I need additional configuration somewhere?
As adrian hall's book about Custom Authentication states as follows:
You must turn on Authentication / Authorization in your App Service. Set the Action to take when request is not authenticated to Allow Request (no action) and do not configure any of the supported authentication providers.
For custom authentication, you need to turn on the Authentication / Authorization in your app service for authenticating your token. Moreover, I would recommend you leverage fiddler to capture the network traces to narrow this issue. Additionally, you need to make sure that you send the custom login request with HTTPS. Details, you could follow this similar issue.