I have multiple API's which I have exposed it via Azure API Management.
I am using one instance for across various environments. So currently I am adding / updating the API's / operations manually. Also I am setting cache, rewrite url for few of these operations. But now managing these are becoming a bit of too much work.
Is there a way, when any operation contracts changes in an API, I can then build / refresh the APIM and also setup the cache, re-write url, policies etc without manual intervention in APIM?
You can consider use Swagger, the OPEN API in Azure to control the data flow with Azure API policy for security and using Azure provided REST API to provision the APIm service and use the App Service to build the backend.
General Concept Flow
AGW <> APIM <> API <> App Service
Related
I have created instance in Azure API management service and want to import 200+ APIs. Is there any way to automatically import the APIs in portal by writing script or any other way also want to create a product and group the imported APIs?
You can automate deployment of API's by using Azure APIM REST API. You will find everything there. Basically whatever you do in Azure Portal on APIM resource by clicking you can do by calling this REST API.
If you don't feel like calling REST API, you can always use Az.ApiManagement PowerShell Module or az apim Azure CLI - they have more or less the same functionality.
I guess that is it, the question is too broad to give you more specifics.
I am experimenting with Azure Functions and stumbled upon concept that I don't really know how to implement properly.
I have Serverless REST Api with Azure functions which contains different endpoints. Only one of this endpoint is meant to be public aka for customers (e.g. GET /api/items) but it also contains different endpoints that need to be triggered only from code like /api/items/sync, /api/items/external and similar. For now I have HTTP Trigger that makes request to /api/items/sync but this endpoint is also available for others aka no restrictions. I know that Azure Functions has Function & Master Keys. Is there a way how to limit these endpoints so they would work only if called from Azure Functions (Like HTTP Trigger) ?
I've received answer from "Azure Architect" slack. Azure has API Management Service which allows to secure certain endpoints and is probably the best way how to handle Azure Functions (and not only them) endpoints for public. What I've done is limited my Serverless API (Azure Function REST API) to "Function" auth type and added API Management service with appropriate route. So my Azure Function is now accessible through API Management Service and Azure Functions endpoints are not explicit.
I am currently looking at implementing feature toggles using ff4j for our application. We want to have a remote central config app which will hold all the features in it and the applications will talk to this central config app via REST to get the features. We will not be able to leverage Spring Cloud Config or Archaius for this purpose.
I went through the documentation and it seems there is a support for HttpClient (https://github.com/ff4j/ff4j/wiki/Store-Technologies#httpclient). But I couldn't find any sample for the same. Can someone please let me know if I can leverage this method to build my feature store from a REST endpoint. Also, I would appreciate if someone could point me to a sample of this.
This is a common pattern.
A component holds the Administration UI (console) and the REST API. You can call it the "Admin Component". For security reasons It may be the only component to have access to persistance unit (any of the 15 DB implementation available)
For the "admin component" HERE is sample using standAlone spring-bppt application using JDBC DB, and HERE you find a simple web application.
The REST API can be secured using credentials user/password and/or API Key. More information HERE
All microservices access the REST API as clients and request feature store. You will need the dependency ff4j-webapi-jersey2x or ff4j-webapi-jersey1x that hold the client http> Then you can define the store using :
FeatureStoreHttp storeHTT = new FeatureStoreHttp("http://localhost:9998/ff4j");
Warning : Please consider using cache to limit overhead introduce by accessing the REST API at each feature usage. More info on cache HERE
I have created some APIs in API management layer, which are essentially proxies between the calling client and an underlying web api.
I did this by importing the swagger file of the underlying API, and then adding the newly created API to a Product, repeating this for each separate proxy that I needed. This means then that the underlying API could be called but not without the subscriber key of the product that the newly created API was attached to.
Is it possible to do something similar with API apps, i.e. creating API apps using just the swagger file from the underlying API in the azure portal, that act as proxies between the calling client and an underlying web api (as below)?
Do you mind expanding on why do you need to have API Apps acting as proxies?
I am not aware of such capability for API Apps specifically. There are Swagger-based code generation tools available, for example on http://swagger.io/open-source-integrations/. So perhaps you will be able to find something that would work for you.
I am experimenting with Mule API management these days. What I come to know is we can deploy our API to one of these:
A Mule Runtime
An API Gateway
In the documentation, it is said that we should go with option 1 when we want to separate out the implementation of your API from the orchestration. What does it mean?
Can any one please explain in detail?
Policy management from API Platform and analytics generation can be achieved only by using a correctly configured API Gateway, which is a superset of Mule EE (current version is API Gateway 2.1.0 which contains Mule EE 3.7.2).
Depending on your architecture you may have different solutions.
For example:
Proxy running on API Gateway, implementation API running somewhere
else (eg. Mule EE/CE, Tomcat, cobol server, etc)
Proxy and implementation API running on the same API Gateway
Implementation API
managed directly from API Platform without using the autogenerated
proxies.
HTH :-)
Not exactly sure what they mean there, because on this page: https://developer.mulesoft.com/docs/display/current/API+Gateway they also mention this:
Note that the API Gateway, because it acts as an orchestration layer
for services and APIs implemented elsewhere, is technology-agnostic.
You can proxy non-Mule services or APIs of any kind, as long as they
expose HTTP/HTTPS, VM, Jetty, or APIkit Router endpoints. You can also
proxy APIs that you design and build with API Designer and APIkit to
the API Gateway to separate the orchestration from the implementation
of those APIs.
So both methods technically allow you to separate API from orchestration, as your API gateway application could simply proxy another Mule application elsewhere that performs the orchestration. But my understanding of the two options are:
The API gateway is a limited offering that allows you to use a subset of Mule's connectors, transports and modules such as ApiKit and HTTP, it allows you to expose and API then use http to connect to whatever backend systems you want as a proxy and perform the orchestration in the API layer.
By using the Mule runtime operation, it gives you much more flexibility and allows you to compose as many applications as you want using the full range of connectors etc. and separate out the different aspects of your applications into as many layers as you want as separately deployable entities that you can deploy to on-premise standalone instances or Cloudhub etc.
#Ryan answer is more or less on the mark, however if you do choose the Mule ESB offering you will loose out on the API Management and governance functionality that API gateway provides OOTB.
These include
Lets you enforce runtime policies and collect data for analytics
Applies policies to APIs or endpoints around security, throttling,
rate limiting, and more
Extends PingFederate to serve as identity management and OAuth
provider for your APIs
Lets you require or restrict certain behaviors in a few simple steps
Lets you add or remove policies at runtime with no API downtime
Manages access to your API by issuing contract keys
Monitors the API to confirm it is meeting all contract terms
Ensures compliance with service level agreements (SLAs)
In my opinion go with API Gateway/Manager if your API will be consumed my third party developers with whom you might not have too many interactions (think public API's) else Mule ESB should be good.
You should be able to migrate from Mule ESB to API Manager (and vice versa) also easily if you need to, so I do not think you will get locked into your decision
PS: Content copied from here