Getting started with Azure API Management

Captions
Okay, welcome to this session about Azure API Management at Azure User Group Norway. Today's agenda is mostly about what Azure API Management actually is and how we can get started with it. I will touch on the concepts and also dive a little bit into what it can do, using examples and a simple demo application, and we will also try to find out what the next step is if you want to get going with API Management on your own.

My name is under side and I'm working as a manager at KPMG, and I'm also an Azure MVP. You can find me online mostly with the handle you can see here, under silent, and I'm also available on email if that's your preferred channel.

So, what is API Management? If you have questions during the session, feel free to just unmute and ask. But basically, API Management is a place where you can manage your APIs. It's not a platform that hosts APIs; it's just a platform that enables you to handle a lot of the logic around making APIs available, what policies should be on them and so on, in one service, and lets the backend handle the logic which is behind the API. It's also a platform as a service, so it scales as needed, and you can also put up auto scaling on most of the tiers; we'll look more into that as we go along. It's also great for testing APIs, so you can mock up and try out APIs before they are published to your developers.

It's also a platform which can secure and optimize APIs. For example, you can say that you have to use a subscription key to get access to the API, and you can also configure IP control, checking which IPs the applications are coming from, and you can also do token validation, so you can actually integrate this with, for example, Azure AD, Facebook, whatever, to verify that the requester has the right keys to actually access the API. It's also great for getting insight into what's happening in your API, so it's integrated with Application Insights, which I will also show off, and you can
also look there at what the backend actually did during the request, what kind of data was sent back and forth during the communication. And finally you can connect it to about anything, so as long as the backend is accessible over the internet on HTTP, for example, or even on private networks if you go into the premium tier, you can basically use API Management to make it available and secure it, worldwide and scalable as you grow.

It comes in a good set of flavors. The consumption tier is the newest one, which is more aligned to this serverless world where you pay as you go and only for what you are using. It has some limits compared to the other ones, but as a start-up it's perfect because you don't have to do the initial commitment on the quite high monthly price for the other ones. And you have the developer edition, which has about everything, but it's also limited on SLA and it also has some limits on how many requests it can handle per second, but it's great to use when you're going to test stuff, and that's also the version that we are going to use in the demos today. And then you have additional tiers with different limits, but mostly, in the cases I've been working on, it's good enough with basic and standard; premium is when you have really specific use cases.

There is a lot of terminology that we have to go through, and if it's the first time you're working with API Management some of it can be a bit difficult to handle in the beginning, at least I felt so. But you have the backend API; this is what the API Management service is sending your request to after it's been processed in the service. And then you have the front end, which is what the application will hit the first time it comes to the API Management instance. Then you have the products, which will define how the API is, for example, going to operate depending on the subscription level, so for example it could be a free product, a standard product or a
premium product, and you can have different policies on each one of them. And then you have the operations, which is the process itself within API Management. I have a graphic which will show this afterwards, but basically the operations are what is going to happen from the front end, through the processing on inbound, hitting the back end, and out on processing and back to the application. You have versioning possibilities, so you can have different versions of your API, which is great when you continue to develop something; you can have different versions, for example the primary, which is version one or current maybe, and then you can have a beta version of the same API easily available within the same service. Then you have the developer portal, which is not available in the consumption version, but it's a portal where developers can log in and test your APIs before they actually go and buy them, and that's also both internal and external. And then you have policies, which are a really important part of API Management. This is the thing that actually controls that your API is operating as it should be defined, for example IP control, checking if a user is authenticated, also transforming the header, for example, or the content if that's necessary during the request.

So let's start with the API gateway, which is one of the key concepts and really important to understand. This is the service that accepts all API calls and handles and controls them, routes them to the backends, and also sends the response back to the application. This is where you can also configure different post levels, and you can also configure, for example, caching in the gateway, which is great for applications or APIs which are not changing that often on the response. This is also the service that logs everything which is going on during a request. So it works like this: you have somebody requesting something in the API, which will then hit the front end, and
the front end will then decide, in the inbound processing, where and what is going to be sent to the back end. And when it hits the back end, the back end will send it to the service which is actually processing the request. That could be, for example, an Azure function, it could be a logic app, it could be basically any API or web HTTP endpoint out there on the internet; it could be an application you are developing yourself, or it can even be Microsoft Graph, for example. And then when it's finished processing it's sent back to the back end, and the back end is doing outbound processing through the front end again and back to the application. Does that make sense so far? Just feel free to shout out if not.

I will just continue with the next concepts, which are the Azure portal and the developer portal. The Azure portal is where you will be defining and configuring the APIs, and you can also package APIs into products in this portal and make them available in the developer portal. This is where you also configure policies and can manage user subscriptions and so on. Most of your work will be going on in the Azure portal, at least in the beginning. You can also configure everything in API Management using, for example, PowerShell, or just directly using REST, or even ARM templates, but I think that's a quite advanced topic. Then you have the developer portal, which is, as mentioned, not available in the consumption plan, but it's a place where developers, internal and external, can go in and read the documentation you have written for the API. They can also try it in the console and configure subscriptions to the APIs to get the subscription key, if that's one of the requirements for the product, and they can also access some analytics data, so they can also check what is going on with their own API application.

So the key concept of API Management is then that you have some kind of API with operations configured, and API Management can have multiple APIs and operations. On an operations level you have an option to
configure policy, and you also have an option to configure policy on the API itself, and we have configured that into a product, which also has policies. That's about everything you need to be able to make the application communicate with the API. So the product will make the API publicly available, and everyone can use it without any additional configuration, or you can decide that you have to have a subscription to be able to use this product. If you configure that, an application must have a subscription key to be able to access the API. So this is everything which is in the consumption plan of API Management. In the other plans you also have the concept of using groups, which enables users to sign up and be a member of a group to get access to different subscriptions, so if you're not a member of a group which has access to the premium subscription, for example, you won't get that up in the developer portal. So when a user is a member of a group that has access to the subscription, the user can sign up for that one, request a subscription key and make that available for the application. And then finally you have the global policy, which is the top-level policy on the API Management instance.

I want to highlight the policies a little more, because that's a really important part of API Management. You have four different levels, and all the levels will be processed when a request comes in. You have the global scope, which is for the whole API Management instance; you have a product scope, which will be configured to just trigger on the products that the subscriptions are attached to; then you have the API scope, which is common for the whole API group; and you have the operation scope, so you can actually configure a different policy on each operation which is going to happen within API Management. And then you also have this concept of a base element, so the base element of the operation scope will inherit the policies configured for the
API scope, and the base policy for the API scope will inherit the product scope policies, and the product scope will again inherit the global scope, and the global scope doesn't have a base element because, yeah, it's at the top, right? So with this in mind you can actually configure quite advanced policies for your API and basically do anything within API Management, and you don't have to think about the API logic, the access logic, within your back-end services anymore; you can just handle that in API Management instead.

This is the demo which we'll be working on for the rest of the session, mostly. It's a simple application I built last fall before I had a presentation at I did have connections, so it's basically a static website running in Azure which accesses this API service. It's a word cloud application, so it's a service where users can log into the cloud and vote for a word, and you get a nice-looking word cloud out in Power BI, which I see I have forgotten to start, so I will bring that up in a second. I think I have it within Teams; see this one. So this one is basically a Power BI application which is leveraging a backend through the API Management service. When I pull a new cloud this is what I get, and I can do filtering in Power BI. This could also be a website, but I'm not a good enough developer to have written this for the web yet, so that's my next project, I guess.

But if we dive in a little bit on this one, I want to show you how API Management has been configured for this specific case. Within API Management, this is the portal, by the way; when you have provisioned API Management this is what you get, and you can go into APIs and begin configuring. I have two different versions for this one, and these are all the operations in my API. For example, if we go to get cloud, you can see that this is basically just a front end with a defined path and a URL template, which I bring with me into the inbound processing, which is also
configured, pulling this part out from the URL and sending it to a logic app. The logic app is processing the request and responds back to the service. If we look at this logic app, which is in this resource group, get word cloud, it's actually just a logic app with an HTTP request action that pulls out the cloud ID and then gets that data from an Azure storage table and responds back to your request. When this is finished it goes back into the outbound processing, through the front end and back to the application. And you have the post vote; I'll actually show you this one afterwards. Sorry, this one, post vote. Well, it's the same thing: it has a front end which accepts posts, it does some logic on it and sends it to the back end, and then back to the front end and to the application.

So if I go to word cloud here, which is a really simple website, I can just type 1 2 3 1 2 3, and if we look at the console and what's processing when you're doing that, I can do it one more time, you can see that a request is sent to my API Management instance with the path for this request, so get cloud, and back I get the information processed in the logic app response. You can see I get the cloud ID and a lot more information, everything processed within this logic app. Then I can vote, for example 'fun', submit the vote, and you can see that it's really simple headers, and, sorry, it's a pretty simple post sent to the API Management service, which hits its other logic app, so post vote. You can see it was just processed seconds ago, and this one is just putting the message on a queue, and another logic app will pick up from that queue and have fun. I can see actually someone in the call is also testing this out, so I didn't type Rosenberg, sure, I didn't have fun, but we should also be able to see this in Teams soon. It's coming in here, so refresh this one. Come on. Yeah, it should be here in a second, because I have a logic app processing the queue; I think it's every
10 seconds or something, so the queue, it's been read, so it should be in the new cloud quite soon. But anyway, that's another demo and I can try to get it working afterwards.

If we go and look a little bit at the policies, we can begin with the global policy, because I think that's a quite important thing, and you have that one on all APIs. I have not configured any policies for the global scope on this one, so it's just forwarding the request to the back end; that's all it does. Then you have the product scope. For the word cloud, if I bring it up here, I can look at the policies, and also here I have not configured anything, but I could do policies here for the whole product. For example, I could say that in the word cloud free edition, which does not require a subscription, you are only allowed to, for example, send ten requests each second, and then I could create a word cloud premium version and configure that it requires a subscription, and the policy would be that you could, for example, publish a hundred posts each second. And then you have the API scope. On version 1, all operations, if you look at the policies here, I have some, for example that I can access this from anywhere; I don't have any specific rules configured for it. I also have some outbound policies which are stripping off some of the headers coming from the logic app, just because it's not necessary to have information about the backend service out in the client application again. And then on the operation itself, in the inbound processing, I have a lot of stuff going on. I'm, for example, saying that the cloud ID is going to be picked up from the request and sent as a query parameter instead to the back-end service, which is then picked up by the logic app and processed. And the same thing with the post: you can see that I'm not doing that much, but you can see that I'm also pointing the request to the backend service, since that's actually configured in
the policy for this operation. Any questions this far? Feel free to shout out now; you can unmute if you want. No? Okay, I'll just continue on.

So that's the whole support of this. The subscription thing is also quite important, at least when you have an application that's going to be protected. In this word cloud 2 version I've begun configuring the API to actually require a subscription, so you can see on the settings page for this one that the product is configured to be word cloud 2. Going back to the product for word cloud 2, you see that it requires a subscription and it requires an approval to be able to get a subscription for it. When you have a subscription signed up you can also go here and enable it and activate it, so when somebody signs up using the developer portal you have to go in here afterwards and activate it, and when that's in place the developer can go ahead and actually request a subscription, which will give them a key for accessing the API.

The developer portal looks like this. When you access it from the portal you actually sign in with the Azure credential, so you gain administrator access straight away, but from here you can go ahead and look at the API information which is written in the API service. For version one here, and get cloud, you can see that I have configured a description, so I can enhance this one, 'using this API operation', and save it, and back in the developer portal you can see that the documentation has been updated for this specific API. Before you as a developer put this into your application you can actually go and test it, so 'try it', and the ID is one of the required parameters, so 1 2 3 1 2 3, send, and I can actually see that it's working. You can see which kind of response you get and all the information, so you can test the API without using, for example, Postman or actually having to put it into an application. And then the same thing with post vote: you can go ahead and try it,
so in this one I would have to write out the request completely, so I can just go ahead and copy one from the demo, paste it in, fun for ill, and send it and see that it actually works. The developer portal is not available in the consumption tier, but if you have the developer tier I find it quite useful to debug and test an API before I put it out in production.

For tracing I have in this case configured Application Insights, so all requests sent to the word cloud app, or word cloud API, are also logged into Application Insights. If I bring it up, see, right one, I can go here and look at all the requests sent to this API, so this is logged instantly from API Management. For example, I can see here that the vote was received and it was sent to the backend service. I can also go in and see information about response type, body, and also what the request was, and a lot more information about the operation and activity itself. And if something fails I can also get that one in API Management, but I built this application quite fail-safe, so I don't have a failed example available. I could, for example... I don't have time, I'm not able to fail it. Anyway, back to it. Questions, by the way, about this one? If not, I can just show a little bit about how it's configured.

Sorry, one question: do you see the client and IP address in this request history?

If I can see the IP and information about your request? Yeah, you can, so at least you should be able to see it somewhere. You can see at least Netherlands and Amsterdam. Fine type is blank, by the way, I'm not sure why, but you should be able to get a lot of information out, and you can also configure it to get even more information in the policies. In the policy settings for an operation or API you can build in your own auditing and logging information if you want to put out even more than the IP address.

Can I create a test request from the developer portal?

No, you can't, because the developer portal will be working just as an application, so for
example, in the developer portal, if you have configured that you have to have a subscription or you have to have a valid token to actually use the API, it will fail if those requirements aren't set. The developer portal is basically an application which can access the APIs on the same level that the applications you would use in real life would. For example, if I bring up an API where I have configured that they have to have a valid token, I think I have that for the Office 365 automation. Yeah, this one. I have an API saying that they have to be authorized to use it; I think you have that on this demo one also. If I try this one and send a request without being authorized, see, it should fail quite fast. Yeah, unauthorized.

But is the request going from your local workstation, or is it going from the application gateway?

Oh yeah, sorry, yeah, it's coming from my... I'm pretty sure, at least. Let's see, I can try it, so look at the network traffic and send. You can see the query is coming directly from me. And then if I go and log in, I get the token from Azure AD and send it, and you can see that the workflow actually triggered on the back end, just saying hell I work both.

So this is another policy which is quite common to implement early when you're using API Management, at least for Office 365 automation, and it's a really simple policy which takes a lot of time to implement in an application if you would write the API in something else than API Management. While looking at this one, I think I've configured this policy on the operation itself, validate JWT, so let's see if I can bring this up in a little bit better screen. You can see there's a lot of logic going on. It's checking the JWT; this one, it's validating the JWT, so it's just checking that it has a valid token issued by the application in Azure AD, and it's checking it towards my own directory. So as long as the authorization header
has a JWT token issued and validated by Azure AD, I'm granted access to the application. Then I remove the authorization header before it's sent to the back-end service, because I don't want that information sent back. So that's also a way to configure policies, and I've configured this on the operation itself, which means that you can, for example, have different token issuers for each operation, or you can have one and the same for all of your operations, and you can also configure this on products and also on the API Management service itself, on the top-level scope, as well. It's a high flexibility.

So that's a quick overview of API Management. If I want to change this one, I can basically do a copy of my current version's configuration and switch my application to use it; that's one of the ways to control which API is available. But you also have the concept of revisions, so it's quite flexible on how to actually do changes. If I bring this up to full screen again, I can go here and see which revision is configured at the moment, but you can also go and create a new revision, for example for this post vote. By adding a new revision and, for example, trying out some new fancy policies, I will have a new revision on the current version of the API, and I can go ahead and test this revision by just adding the revision in my request; there is a private URL now for that version. So I can go ahead, and in the design process, just make sure that it's saying revision 2, then I can go in here and try, for example, something else. I can say that this is going to be a mock-up instead, so mock response on every request, with a 200 status code and content type application/json, and then I can go and configure the front end and say that when I have a 200 response, I can also just say that it's going to, on application/json, have a message saying hello, and save it. I just got the feeling that I had typos in that. Right, say,
bring up Postman, for example. I should be able to create a new request and say post, and instead of doing it towards the normal endpoint for this one I can add revision 2, and in Postman send it, and you can see there I get a mocked response instead. That's some of the flexibility. When I'm happy with my revision I can go ahead and make that revision the current version; that is, I have then upgraded the API within the API Management service without breaking the applications in front. Of course, if I make this current now I will break it, but you can actually go ahead and test without breaking something. And instead of maybe doing a mock-up, I could actually go ahead and change which back end I'm hitting, so we can then build a completely new back end for that operation, test it in a revision and then make it public for all your users. This is a quite powerful feature. Any more questions? Okay.

Also, named values are quite an important thing, especially when you're going to maybe have both a production version and a developer version of API Management, because then you can use named values as variables. You can then write the same API configuration on both dev and test and use named values to change the details. A named value is basically a string, and you can make it either secret or not secret, and to reference it in an API you can go ahead and, on this one, use this format here. You can see that it's getting its signature for the backend logic app by using a named value, and this is the secret logic apps are using when you have an HTTP trigger on them. So that's just one example. Or even, when you're using JWT validation, you could for example put the tenant information in the config URL in a named value, and you can also put the value for the audience in a named value. Then it's way simpler to move configuration back and forth between production and
development. There are a lot of use cases there. Yeah, I think we can continue a little bit.

A few typical low-hanging use cases for API Management: often Microsoft 365 automation. In many cases you want to create an API which can automate stuff in Azure AD, and then, in Microsoft 365, it's important to have that validated, audited and also secured by Azure AD. Then API Management is great to get that in place, because it's basically enough to have just these lines to secure your API, and then you don't have to think about that in your logic apps or your functions. You can just say that if this workflow or this function is going to run, the request has to come from a specific IP, which is fairly easy to configure for both functions and logic apps, and then point it to the virtual IP for the API Management service. This is, at least in the private versions, on the developer and so on, a public IP which is unique for this instance, and it will not change unless the instance for some reason stops, or it's moved, or it's deleted and recreated. Basically that happens if, for example, your subscription is suspended, for example it's not paid for or something and it's locked; then this IP will disappear and be recreated again when the subscription is reopened. So this is an IP which changes not that often, and you can at least control it if it does. That's one use case.

Also for SharePoint web parts it's great. It's easy to get a token from Azure AD for an application from a web part in SharePoint and then use that one in API Management. Also for Teams applications it's a great service and easy to integrate with, as with any web application, because they are basically web applications.

And just to summarize: if you're building an API, in any case API Management will ease the process of making it available and secure for applications and users. So that's the rule, basically: if you create an API, evaluate if the API
Management service is worth it to secure and protect it, because it's really easy to get it up and running and it gives you a lot of value really fast.

So, I did mention Teams. Teams is a highly extendable platform, so for example all tabs are basically web applications, bots are communicating with web APIs, and the same is true for connectors and all personal apps and messaging extensions configured in Teams. Teams is one of my favorite applications at the moment for accessibility, and I would say that as soon as we build anything within Teams which is going to hit a web endpoint, API Management could be a rescuer to speed up the process of securing and protecting the operations happening within that Teams application. For example, if you have a Teams bot that will create new teams or is going to handle some business logic within Microsoft 365, a good case would be that that bot or web app first hits API Management and pushes the operation to, for example, logic apps, which are communicating with Microsoft Graph and so on, and then sends requests back to Teams. Any questions before we begin looking at the different ways to do administration of API Management? No? Okay.

As mentioned, the Azure portal will most likely be your first meeting with API Management, and I think it's a good way to configure even in production, because it's way simpler to do stuff in the portal than using the REST API or ARM templates or even PowerShell, because I think the API and PowerShell commands to manage API Management aren't that good yet. There are a lot of different things connected together, so for example the drawing of all the moving parts within a request: all of these would have to be managed and put together before you do a deployment to API Management, so it's just simpler to do it directly in the portal. In most projects I've seen, the API Management service is managed manually, directly in the portal, and
not that often through a CI or CD pipeline, so I think you will be working on a quite huge project before you see all this configuration being done in code. But the PowerShell module is great for, for example, pulling out the documentation, so I can just show that one. The easiest way to get started is just using the Cloud Shell for Azure, which is obviously not loading. Oh, there it is. So I'm just going to first check that I'm in the right subscription. No, I'm not. So this one is running in... Come on. To get information about the services: get Azure API Management. So I have to put this one into context, so API context equals API Management context. I will just bring up the scripts. Let's see. Sorry about this. There it is.

So the first thing you have to do is actually define which service you're going to connect to, and this is a little bit messy script, but yeah, you have to first say which context you're going to be in, and that one is configured here, so new Azure API Management context. Okay, sorry about that one. And then you have to define which resource group it is in and the service name, and from there you can basically get what information you want about it. So this is this one, and it's not the right service name; I'm just going to copy this one. Then I can finally begin to use the commands in Azure. This one will then bring out all the information about my API Management instance, all the APIs defined in it and so on, and the same thing with getting information about specific APIs. So get Azure API Management has a lot of different ones, for example API, which releases are available, which revisions are available and so on, and you have the same set of commands with set API Management service. So that's one of the ways you can script things in API Management, but personally I'm more a fan of doing it in the portal because it's quite fast
and it's not that often you need to do changes on an API. Any more questions? I see that we are closing in on the defined time for this meeting. Is there anything in the chat?

I'm actually not sure. I think it's maybe only HTTP; at least it has to go over HTTP, but that's definitely something I can check out and I can get back to you on. I've only used it with HTTP, at least, and of course it's not the only service you will be using in more advanced applications, but at least for REST APIs that are going to be accessed using HTTP it's a great service. But I will definitely check out that question and I can get back to you on it. Anything else? We can definitely have an open discussion the last few minutes; feel free to unmute if you want to say it instead of writing.

Well, if not, I think I will just stop recording, and I will definitely stay in this meeting a few minutes more just in case somebody wants to discuss something without being recorded. And yeah, apart from that, thank you.
Info
Channel: Azure User Group Norway
Views: 31,016
Rating: 4.7405405 out of 5
Id: 6DLZdw5nDHo
Length: 55min 26sec (3326 seconds)
Published: Wed Jan 23 2019