Introduction to Azure API Management

This tutorial will guide you through the essential steps of using Azure API Management (APIM) to manage, secure, and publish your APIs. You will learn how to create an APIM instance, import an API, apply policies, and make it accessible to developers.

Prerequisites

Before you begin, ensure you have the following:

  • An Azure subscription. If you don't have one, you can sign up for a free trial.
  • A sample API that you want to expose. For this tutorial, we'll use the "Pet Store" sample API.
If you don't have a readily available API, you can easily create a simple HTTP function or use a public test API like the one provided by Swagger Petstore.

Step 1: Create an Azure API Management Instance

Follow these steps to create a new APIM instance in the Azure portal:

  1. Navigate to the Azure portal.
  2. Click on Create a resource.
  3. Search for "API Management" and select it.
  4. Click Create.
  5. Fill in the required details:
    • Subscription: Select your Azure subscription.
    • Resource group: Create a new one or select an existing one.
    • Name: A unique name for your APIM instance.
    • Location: Choose a region.
    • Operating system: Select your preferred OS.
    • Pricing tier: For testing, the Developer tier is sufficient.
  6. Click Review + create, then Create.
Deployment can take several minutes.

Step 2: Import and Publish Your First API

Once your APIM instance is deployed, you can start adding APIs.

  1. Go to your API Management resource in the Azure portal.
  2. In the left-hand menu, under APIs, select APIs.
  3. Click Add API.
  4. Choose OpenAPI from the list.
  5. Configure the following:
  6. Click Create.

Step 3: Configure Backend Service

By default, APIM uses the service URL from the OpenAPI definition. You can modify this if needed.

  1. In the APIs list, select the "Pet Store API" you just added.
  2. Go to the Settings tab.
  3. Under Gateway URL, you can see the URL where your API is exposed.
  4. The Backend service URL points to the actual API implementation. For the Swagger Petstore, this might be an internal URL or an external one. Ensure it's accessible from APIM.

Step 4: Add an API Policy

Policies allow you to transform and control the flow of requests and responses.

  1. With the "Pet Store API" selected, navigate to the Design tab.
  2. Select the All operations scope from the dropdown.
  3. In the Inbound processing section, click + Add policy.
  4. Choose Rate limit by subscription from the policy snippets.
  5. Review the XML policy code. It will look something like this: 
    <rate-limit-by-subscription calls="100" renewal-period="60" increment-condition="@(context.Subscription.Key)" />
  6. Click Save. This policy limits subscribers to 100 calls per minute.

Step 5: Test Your API

The built-in test console allows you to send requests to your API.

  1. In the "Pet Store API" view, select the Test tab.
  2. Choose an operation, for example, GET /store/inventory.
  3. Click Send. You should see the API response.
  4. Try testing operations that require authentication or parameters to understand how they work.

Step 6: Create and Publish a Product

Products are used to group APIs and offer them to developers.

  1. In the left-hand menu, under Products, select Products.
  2. Click + Add Product.
  3. Configure the product:
    • Display name: "Basic Pet Store Access"
    • Name: "basicpetstore"
    • Description: "Provides access to the Pet Store API with basic rate limits."
    • Terms of use: Add your terms.
    • Ensure Published is checked.
  4. Click Create.
  5. Once the product is created, select it and go to the APIs tab.
  6. Click + Add API and select the "Pet Store API".

Step 7: Subscribe to a Product

Developers need a subscription key to access APIs grouped within a product.

  1. In the left-hand menu, under Products, select Products.
  2. Select the "Basic Pet Store Access" product.
  3. Go to the Subscriptions tab.
  4. Click + Add Subscription.
  5. If you have users, select them. Otherwise, you can create a subscription for yourself as a test.
  6. Click Create.
  7. You will see a subscription key. This key is required to call the APIs included in this product.
When testing APIs with subscription requirements, you'll typically pass this key in the 'Ocp-Apim-Subscription-Key' header.

Step 8: Clean Up Resources

To avoid ongoing charges, it's recommended to clean up resources you no longer need.

  1. Navigate to your Resource group in the Azure portal.
  2. Select the resource group.
  3. Click Delete resource group and confirm the deletion.
This tutorial covered the basics. Azure API Management offers many more advanced features like authentication, authorization, analytics, caching, and custom policy development.