Calling a Helper API in an Azure APIM Inbound Policy
RSS feed
Date: Mar 16, 2021
Tags: azure
Share: Share on Twitter
Azure API Management is quickly becoming one of my favorite parts of the Azure platform. From SOAP (shudder) to REST APIs, developers can quickly register and secure their existing interfaces using Azure APIM. By implementing policies, they can transform requests, validate client/subscription information, check rate limits, and a whole mess of other features. And yes, there is a policy to allow you to call a completely different API as part of your process. Let me show you!

With Azure APIM, developers can register and expose their APIs, regardless of where they are located. The built-in developer portal and subscription/products system allows for an extremely customizable consumer experience, as organizations can tailor their API offerings to their users’ needs. It's an extremely versatile tool in the Azure arsenal and one every API developer should know.

Recently, I had a client that was looking to migrate hundreds of existing APIs to Azure APIM. Part of this change would be to support their existing client credentials/logins that they validate with a home-grown API within their network. The challenge was how do they incorporate that authentication API into their APIM calls? Inbound Policies to the rescue!

I created a PoC to show how this can be done within APIM. Let’s see how I did it.

The authentication API

First, I needed to mimic their authentication API to integrate with APIM. For this, I created a MENSA-brain busting Azure Function app with logic to return a random number in the body.

    public static class GetIDFunction
        public static async Task<IActionResult> Run(
            [HttpTrigger(AuthorizationLevel.Function, "get", Route = null)] HttpRequest req,
            ILogger log)
           Random random = new Random();
            return new OkObjectResult(random.Next());

No, that's not Einstein's deepest thoughts; it's my awesome function! I deployed the Function App to my Azure subscription and made note of the Function URL.

Adding an Inbound processing policy

Next, I needed to configure my existing API registration to call my “authentication API” as part of the process. To do this, I selected my API within my APIM service and added a new policy to All operations.

In the policy XML, I selected the Send a request snippet and added the Azure Function app details and set the response-variable-name property to my-id.  Additionally, I added a Set header snippet to set the returned value to the my-id header property.

Here is the policy XML.

        <base />
        <send-request mode="new" response-variable-name="my-id" timeout="60" ignore-error="true">
        <set-header name="my-id" exists-action="append">
        <base />
        <base />
        <base />

In the Set header policy, I used the context.Variables[“my-id”] identifier to get the returned id. I then set this to a header value of the same name. Once the policy is executed, the Azure APIM request will be sent on to the backend for the API, along with the new header value.  


With the policies in place, I tested the functionality. Within the APIM portal, I selected the GetTime operation and submitted the request.

Within the Trace details, I verified the Function App was called and the value was returned.

Lastly, I verified the policy set the returned my-id value to the header.

Moving forward

With Azure APIM, you can completely control how developers consume your services. Through policies, you can transform data, validate requests, integrate backends, and probably cook the world's best cheeseburger. This powerful feature enables complex systems and architectures to be seamlessly connected, ensuring your data and process remain safe.  Good luck!

Helpful links

Here are some links to help you get started with Azure APIM Policies: