With Azure APIM, developers can register and expose their APIs, regardless of where they are located. The built-in developer portal and subscription/products system allow for an extremely customizable consumer experience, as organizations can tailor their API offerings to their users’ needs. It's an extremely versatile tool in the Azure arsenal and one every API developer should know.
Recently, I had a client that was looking to migrate hundreds of existing APIs to Azure APIM. Part of this change would be to support their existing client credentials/logins, which they validate with a home-grown API within their network. The challenge was how to incorporate that authentication API into their APIM calls. Inbound Policies to the rescue!
I created a PoC to show how this can be done within APIM. Let’s see how I did it.
First, I needed to mimic their authentication API to integrate with APIM. For this, I created a MENSA-brain busting Azure Function app with logic to return a random number in the body.
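    using System;
    using Microsoft.AspNetCore.Http;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.Azure.WebJobs;
    using Microsoft.Azure.WebJobs.Extensions.Http;
    using Microsoft.Extensions.Logging;

    public static class GetIDFunction
    {
        // Stand-in for the client's authentication API: returns a random number in the body.
        [FunctionName("GetIDFunction")]
        public static IActionResult Run(
            [HttpTrigger(AuthorizationLevel.Function, "get", Route = null)] HttpRequest req,
            ILogger log)
        {
            Random random = new Random();
            return new OkObjectResult(random.Next());
        }
    }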
No, that's not Einstein's deepest thoughts; it's my awesome function! I deployed the Function App to my Azure subscription and made note of the Function URL.
Next, I needed to configure my existing API registration to call my “authentication API” as part of the process. To do this, I selected my API within my APIM service and added a new policy to All operations.
In the policy XML, I selected the Send a request snippet and added the Azure Function app details and set the response-variable-name property to my-id. Additionally, I added a Set header snippet to set the returned value to the my-id header property.
Here is the policy XML.
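    <send-request response-variable-name="my-id">
        <set-url>https://bsoltisapimdemo-functionapp.azurewebsites.net/api/GetIDFunction?code=XXXXXXXXXXXXXXXXXXX</set-url>
        <set-method>GET</set-method>
    </send-request>
    <set-header name="my-id">
        <value>@(((IResponse)context.Variables["my-id"]).Body.As<string>())</value>
    </set-header>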
In the Set header policy, I used the context.Variables["my-id"] identifier to get the returned id. I then set this to a header value of the same name. Once the policy is executed, the Azure APIM request will be sent on to the backend for the API, along with the new header value.
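A fail-closed variant of this policy, as an added example rather than the author's PoC: it drops any my-id header supplied by the caller, sends the Function key in the x-functions-key header from a named value instead of the URL, and rejects the request when the authentication call fails. The named value auth-function-key, the 10-second timeout and the 401 response are assumptions, not values from the original setup.

```xml
<policies>
    <inbound>
        <base />
        <!-- Remove any my-id header sent by the caller so only APIM can set it. -->
        <set-header name="my-id" exists-action="delete" />
        <!-- Call the authentication API. The key travels in the x-functions-key
             header and is read from a secret named value called auth-function-key
             (hypothetical name, an assumption of this example). -->
        <send-request mode="new" response-variable-name="my-id" timeout="10" ignore-error="true">
            <set-url>https://bsoltisapimdemo-functionapp.azurewebsites.net/api/GetIDFunction</set-url>
            <set-method>GET</set-method>
            <set-header name="x-functions-key" exists-action="override">
                <value>{{auth-function-key}}</value>
            </set-header>
        </send-request>
        <choose>
            <!-- With ignore-error="true" the variable is null on a timeout or
                 connection failure. Treat that, and any non-200 status, as a
                 failed authentication and stop before the backend is called. -->
            <when condition="@(context.Variables["my-id"] == null || ((IResponse)context.Variables["my-id"]).StatusCode != 200)">
                <return-response>
                    <set-status code="401" reason="Unauthorized" />
                </return-response>
            </when>
            <otherwise>
                <!-- Only a successful response is copied into the header. -->
                <set-header name="my-id" exists-action="override">
                    <value>@(((IResponse)context.Variables["my-id"]).Body.As<string>())</value>
                </set-header>
            </otherwise>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```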
With the policies in place, I tested the functionality. Within the APIM portal, I selected the GetTime operation and submitted the request.
Within the Trace details, I verified the Function App was called and the value was returned.
Lastly, I verified the policy set the returned my-id value to the header.
With Azure APIM, you can completely control how developers consume your services. Through policies, you can transform data, validate requests, integrate backends, and probably cook the world's best cheeseburger. This powerful feature enables complex systems and architectures to be seamlessly connected, ensuring your data and process remain safe. Good luck!