I am new to Azure, I am just trying a few services of Azure. So, I have created one REST Service Application and now I want to add it in Azure API Management Service. It's asking for Web Public API URL/Suffix. How will I get it?
In the Azure API Management, the suffix is your public facing URI. It appends to https://myAPIexampleManagement.azure-api.net/.
In this case, for developers to access your service, which is located at http://my.backend.service.io (your REST application), they would have to address https://myAPIexampleManagement.azure-api.net/root
In conclusion, your Web API URL suffix can be whatever you want it to be.
So, I was following this tutorial and successfully published the web API to both Azure App Service and Azure API Management. Then (going beyond tutorial) I added a rate-limit policy to the API in API Management service.
I tested it successfully on API management Test tab. However, if I access the App Service route URL (https://***.azurewebsites.net/) it will not throttle.
What am I missing here?
How do I make the policy active for the App Service URL?
Markus Meyer did a good job explaining how it's supposed to be used.
I think that you might benefit from this diagram showing the differences between calling your service through APIM or directly.
"What am I missing here?"
I think you're missing that API Management is a service, totally separate from your App Service. You do not "extend" the features of the App Service with APIM, you instead put APIM in front of your App Service and call your API through APIM to gain the benefits (of rate limiting in this example).
Requests to https://***.azurewebsites.net/ belong to Azure App Service.
If you want to do requests to API Management, the default hostname is azure-api.net:
https://***.azure-api.net/
If you want to use throttling from API Management, you have to use the API Management URL like you did in the test tab:
Follow up to other question posted here:
Azure microservices: authenticating downstream APIs from B2C to Azure AD, how to configure AD?
All our apps and microservices are hosted in an AKS cluster.
Want to have a single webapp decoupled from other services: using a message broker seems a good approach.
How should a public-facing portal be set up to be able to push data down into a queue or endpoint?
How can calls to specific API endpoints and microservices to and from the webapp be secured from the public FE?
How would this be configured in terms of authentication, app reg etc.?
Let's answer the questions you have one after another.
The first question
How should a public-facing portal be set up to be able to push data down into a queue or endpoint?
For this, first we need to use a Web API to push data to an Azure Service Bus Queue. You can create a new ASP.NET Core Web API project and install the Azure Service Bus NuGet package. Check this document for the way to do it.
Then we can use a Service Bus Queue trigger Azure function to read the message from the queue and then process it or store it depending on the requirement. Check Azure Service Bus trigger for Azure Functions for more information.
The second question
How can calls to specific API endpoints and microservices to and from the webapp be secured from the public FE?
We can achieve this requirement by securing the front end using Application Gateway. We need to configure Application Gateway in front of the Web API.
Check this Configure App Service with Application Gateway document from Microsoft for more information.
Lastly, the third question
How would this be configured in terms of authentication, app reg etc.?
In this case we can use Azure Managed Identity. Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication.
So, we can use Azure Managed Identities with the Azure Resources like AKS. Check this Use managed identities in Azure Kubernetes Service for more information.
I have a REST point, say xyz.com/getValues, as a back end service. This is not a resource of Azure. I can call this endpoint from Postman with a proper BODY as a POST request. It generally works fine. Now I have got an OpenAPI specification for this and I imported it into Azure API Management. I set the backend service to xyz.com. But while testing it, I received a 500 Internal Server Error. And in the traces I found the error below.
forward-request (139.450 ms)
{
"messages": [
"Error occured while calling backend service.",
"The remote name could not be resolved: 'xyz.com'"
]
}
There are some points I would like to mention.
I am using the consumption tier of Azure API Management.
xyz.com is not a public service. It is just an application deployed in the company network.
I need suggestions on how to reach a solution for this. I am doing a POC and am new to Azure API Management. Any help would be appreciated.
Thank you Melissa. Posting your suggestions as an answer to help other community members.
Need to put non-Azure APIs into a VNET and then you can use that in APIM on Azure
We can use non-Azure APIMs
Azure Arc enabled API Management allows customers to leverage a self-hosted API gateway, that expands API Management support for hybrid and multi-cloud environments and enables Azure customers to efficiently and securely manage APIs hosted on-premises and across clouds from a single API Management service in Azure.
Click Here for VNET configuration with APIM
Check Non-Azure APIM to use APIs
Open the SO for further inputs.
I have the following requirement.
Currently we have different back-end public facing API applications (not in Azure) for each tenant. We are building a mobile application. For that we have come up with an integration layer where we invoke multiple APIs from our back-end API applications using Azure Logic Apps.
These Logic App URLs will further be integrated with API Management.
But we are looking for the possibility to reroute the request to the relevant back-end API application based on the tenant id which we pass as a query string parameter.
Can anyone please help me to understand whether Azure API gateway supports rerouting URLs to external public facing applications (backend applications are not in Azure)?
We are planning to move the back-end applications to Azure but not in the near future. Meanwhile we wanted to have a solution.
Currently we are storing the host name and tenant ID in Table storage. So based on the tenant id we are fetching the host name and forming the URL with the relevant host name.
Any other alternative ideas are also highly appreciated. If you need any other information please let me know.
I believe the approach you are taking is the right one. The same in APIM can be achieved by using the set-backend-service policy.
You could either fetch the hostname from table storage in APIM using the send-request policy (cache the result for better latency).
Or you can use Named Values to store the mappings and remove table storage altogether.
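An added example (not part of the answer above, and not code from the asker's project) of the Named Values variant: an inbound policy that maps the tenant id to a fixed backend through an allow-list instead of building the host from the query string. The query parameter name tenantId, the tenant ids, and the named values backend-tenant-a and backend-tenant-b are assumptions.

```xml
<policies>
    <inbound>
        <base />
        <!-- Assumption: the tenant id arrives as ?tenantId=... ; an absent parameter becomes "" -->
        <set-variable name="tenantId"
                      value="@(context.Request.Url.Query.GetValueOrDefault("tenantId", ""))" />
        <choose>
            <!-- Each known tenant maps to a named value holding its backend base URL.
                 The caller-supplied string is only compared, never placed into the URL. -->
            <when condition="@((string)context.Variables["tenantId"] == "tenant-a")">
                <set-backend-service base-url="{{backend-tenant-a}}" />
            </when>
            <when condition="@((string)context.Variables["tenantId"] == "tenant-b")">
                <set-backend-service base-url="{{backend-tenant-b}}" />
            </when>
            <otherwise>
                <!-- Unknown or missing tenant: stop here, forward nothing to any backend -->
                <return-response>
                    <set-status code="400" reason="Bad Request" />
                    <set-body>Unknown tenant</set-body>
                </return-response>
            </otherwise>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Because the backend URL only ever comes from a named value, a caller cannot steer the gateway to an arbitrary host by changing the query string, and unknown tenants are rejected at the gateway.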
I want to send daily email with my application.
Background
My application has a Web API which was created with .NET Core & published on Azure app api (PaaS).
The API has its own authentication mechanism (JWT token) & it uses dependency injection. It reads configuration values, ex. Database, Redis cache, blob storage connection string, from Azure Key Vault
Solution
1) If I create a new console application and set it in a web job, I have to do a lot of coding for dependency injection and have to integrate Azure Key Vault.
2) Can I create a web API in the current API project, but how to ensure security so only the Azure web job can call the API.
Same question: Securely calling a WebSite hosted Web API from an Azure WebJob
As you mentioned, we could use the Azure scheduled WebJob to send daily mail. For send mail demo code, please refer to another SO thread.
Can I create a web API in the current API project, but how to ensure security so only the Azure web job can call the API.
We need to use our authentication way to secure our WebApi. And Azure also supplies multiple ways to help us protect our WebApp. We can get more info about Authentication and authorization for API Apps in Azure App Service from the document.