IMPLEMENT API GATEWAY USING AZURE API MANAGEMENT
ALEXANDER LAYSHA, CHIEF SOFTWARE ENGINEER AT EPAM SYSTEMS
AGENDA
• WHY WE IMPLEMENTED API GATEWAY
• INTRODUCTION TO AZURE API MANAGEMENT
• DESIGN FOR PRICING TIERS
• OVERVIEW OF PUBLISHER AND DEVELOPER PORTALS
• POLICY DISCUSSION
• OPTIONS FOR SECURITY
EVOLUTION OF OUR PROJECT
[Diagram: BEFORE / AFTER. Labels: MONOLITH APP, UI, SOAP, REST APIs (REST API 1, REST API 2, REST API N), DEVELOPERS, APPS]
OUR CONCERNS IN API MANAGEMENT
• ACCESS TO PUBLIC & INTERNAL APIs
• VISIBILITY OF APIs TO CUSTOMERS BASED ON PRICING TIER
• CONTROL OF API USAGE BASED ON PRICING TIER
• ANALYTICS OF API USAGE BY CUSTOMERS
• FUTURE NEEDS AND GROWTH PLANS
HOW WE ADDRESSED CONCERNS?
[Diagram: BEFORE / AFTER, now with API GATEWAY. Labels: MONOLITH APP, UI, SOAP, REST APIs (REST API 1, REST API 2, REST API N), API GATEWAY, DEVELOPERS, APPS]
A BIT ABOUT API GATEWAY & HISTORY
[Diagram labels: API GATEWAY, SERVICE, TRANSFORMATION, SECURITY, USAGE QUOTAS & LIMITS, MONETIZATION, LOGS, ANALYTICS, DEV SUPPORT, VISIBILITY]
• CREATE API TO EXPOSE BACK-END SERVICES
• ACTS AS REVERSE-PROXY
• VENDORS: Apigee, WSO2, MuleSoft, AWS API Gateway, Azure API Management
INTRO TO AZURE API MANAGEMENT
[Diagram labels: AZURE API MANAGEMENT, API, DEVELOPER PORTAL, PUBLISHER PORTAL, PROXY, PUBLISHER / ADMIN, DEVELOPERS, APPS, BACKEND]
Can be hosted anywhere: public cloud or on-premises
API MANAGEMENT FEATURES
[Diagram: AZURE API MANAGEMENT with DEVELOPER PORTAL, PUBLISHER PORTAL and PROXY. Feature lists as shown on the slide:]
• REGISTRATION, DOCUMENTATION, INTERACTIVE API CONSOLE, DEVELOPER ANALYTICS, APP GALLERY, FORUMS, NEWS, ISSUES, WIKI
• API PUBLISHING, SUBSCRIPTION MANAGEMENT, SECURITY, MEDIATION, CONTENT PUBLISHING, SITE CUSTOMIZATION, ISSUE MANAGEMENT, ANALYTICS, REPORTS
• SCALING, CACHING, MONITORING, TRAFFIC MANAGEMENT, TRANSFORMATION
API MANAGEMENT ENTITIES
[Diagram labels: USER, GROUP, PRODUCT (OPEN | PROTECTED), API, RATE LIMITS & QUOTAS]
DEMO: OUR DESIGN FOR PRICING TIERS
[Diagram labels:
 Products: TRIAL PRODUCT (PROTECTED), PAID PRODUCT (PROTECTED), SYS PRODUCT (PROTECTED), CUSTOMER PRODUCTS
 Limits: LIMITS FOR TRIAL, LIMITS FOR PAID, UNLIMITED
 Groups: SYS GROUP, TRIAL GROUP, PAID GROUP, ADMIN GROUP
 Accounts: SYS ACCOUNT, TRIAL ACCOUNT, PAID ACCOUNT, ADMIN ACCOUNT
 APIs: Health Check API, API 1, API 2, API N
 Use: INTERNAL USE, ADMIN USE, BUSINESS USE]
API MANAGEMENT POLICY
“In Azure API Management, policies are a powerful capability of the system that allow the publisher to change the behavior of the API through configuration. Policies are a collection of Statements that are executed sequentially on the request or response of an API.”
POLICY SCOPES ARE EVALUATED IN THE FOLLOWING ORDER:
• Global scope
• Product scope
• API scope
• Operation scope
POLICY TEMPLATE
<policies>
    <inbound>
        <!-- statements to be applied to the request go here -->
    </inbound>
    <backend>
        <!-- statements to be applied before the request is forwarded to the backend service go here -->
    </backend>
    <outbound>
        <!-- statements to be applied to the response go here -->
    </outbound>
    <on-error>
        <!-- statements to be applied if there is an error condition go here -->
    </on-error>
</policies>
POLICY REFERENCE: https://docs.microsoft.com/en-us/azure/api-management/api-management-policy-reference
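A product-scope policy for a trial tier, filling in the template above with the kind of usage limits the pricing-tier design calls for. This is an added example, not taken from the original slides; the call counts, renewal periods and header names are assumed values.

```xml
<!-- Added example: product-scope policy for a hypothetical trial product.
     All numbers below are constructed placeholders, not the presenter's values. -->
<policies>
    <inbound>
        <!-- Apply the parent (global) scope statements first -->
        <base />
        <!-- Short-term throttle per subscription key: at most 10 calls per 60 seconds;
             calls over the limit are rejected with 429 Too Many Requests -->
        <rate-limit calls="10" renewal-period="60" />
        <!-- Long-term allowance per subscription key: 1000 calls per 7 days (604800 s);
             calls over the quota are rejected with 403 Forbidden until renewal -->
        <quota calls="1000" renewal-period="604800" />
    </inbound>
    <backend>
        <!-- Forward to the backend using the parent scope's behaviour -->
        <base />
    </backend>
    <outbound>
        <base />
        <!-- Remove backend headers that disclose implementation details to callers -->
        <set-header name="X-Powered-By" exists-action="delete" />
        <set-header name="X-AspNet-Version" exists-action="delete" />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

A paid product would carry the same structure with higher limits, and an unlimited product would omit the rate-limit and quota statements.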
HOW TO DEBUG API MANAGEMENT?
• API INSPECTOR TOOL
  HEADER: Ocp-Apim-Trace = true
• EVENT HUB LOGGER
  <log-to-eventhub logger-id='logger-id'>
      @( string.Join(",", DateTime.UtcNow, ...))
  </log-to-eventhub>
DEMO: POLICY TO DOWNLOAD A FILE
[Diagram labels: DEVELOPERS, AZURE API MANAGEMENT, CUSTOM POLICY, AZURE WEB APP, AZURE BLOB STORAGE. Numbered steps 1 to 6 carry FILE ID, URL + SAS and FILE.]
WHAT ARE OPTIONS TO SECURE API?
• SECURITY BY OBSCURITY
• BASIC AUTH
• MUTUAL SSL
• VNET
• OAUTH 2.0
• OPENID
DEMO: OUR DESIGN FOR SECURITY
[Diagram labels: DEVELOPERS, AZURE API MANAGEMENT, AZURE WEB APPs, API 1, API N, SUBSCRIPTION KEY, CERTIFICATION FILE, BUSINESS PROCESS TO REGISTER NEW CUSTOMER]
Q&A