Initially, API Management (APIM) could only be hosted in the public cloud. Currently we can also use VNet integration to host APIM in a private VNet. You can either use external mode or internal mode. In external mode APIM can be publicly accessed. In internal mode APIM can only be accessed from within the VNet.…
To create a logic app, you use either the Logic App (Consumption) resource type or the Logic App (Standard) resource type. The Consumption resource type runs in the multi-tenant Azure Logic Apps or an integration service environment, while the Standard resource type runs in the single-tenant Azure Logic Apps environment.
You can use outbound policies in API Management to specify HTTP security headers. The exists-action should be set to “override”, not “skip”; otherwise you accept the potentially wrong security headers when added by the client.
The Azure Web PubSub Service can be used for real-time messaging applications using web sockets and the publish-subscribe pattern. We use subprotocol json.webpubsub.azure.v1 to exchange messages in JSON format. The actual XML message is passed as a string via the data node.
PaaS vNext means you can deploy Azure Web Apps, Functions, Logic Apps, API Management and EventGrid to an Arc-enabled Kubernetes cluster, so not as a PaaS offering in the public cloud. Arc-enabled means that you can run the cluster anywhere: in an Azure VM, in the Amazon cloud, on the Google cloud platform or on premises. All in your own private compute space.
There’s a new interesting feature to secure your Azure Function via a Bearer Authorization token (preview). Use the OpenAPI Extension for Functions. It’s interesting if you don’t wanna use API Management.
Example of how to validate a JSON Web Token (JWT) and retrieve a value from that JWT via an API Management policy.
To parameterize a logic app with a secret value, you can use a parameter of type securestring in your logic app. In the parameter file, when specifying the value for the securestring parameter, you can refer to your Key Vault instance and secret name.
To deploy an ARM template for an API Management service without using a storage account, you can use so-called nested templates in your orchestrator file.
To get authorization working with an OAuth2 token v2.0 using the ValidateJWT policy in API Management, call the token endpoint with scope api://[ClientId Service]/.default.