« Back
read.

Some hands on experience with Azure API management.

My current client is about to start letting their partners use their APIs through Azure Api Management. Its quite a big step from using it just as a toy with a calculator demo as shown by Microsoft here: https://azure.microsoft.com/en-us/documentation/articles/api-management-get-started/.

So first step was to have the team responsible producing a Swagger file for their service. I told one of the web guys, "Hey, I want a nice looking Swagger file mailed to me. Its gotta be red and in size 30". Apparently he followed my instructions...

So next thing was importing this Swagger. First I tried importing it as a json-file but got some errors complaining about root level data. Sigh. Pasting the (red, size 30) text into the textbox worked better. :)

A little later, with the products setup, we did some polishing of the policies. The client has a pretty typical scenario. The service on-premise is secured by basic auth. They also wanted a few values in the body hidden for the end users. Up until a few days ago I didnt know the API Management was this flexible. But now it is, the documentation is also becoming quite useful, it was a disaster initially. But I guess that is what it takes to be able to deliver quickly, the documentation struggles a bit.

Anyway, check this awesome reference https://azure.microsoft.com/sv-se/documentation/articles/api-management-policy-reference/

What this policy does is adding basic auth towards the service we are calling. It also adds a JSON-field to the body. Awesome!
The link posted above has an example of this but it didnt work. I had to add .ToString().

So debugging a policy? How do you debug the API management? Well its described here and its really simple.

https://azure.microsoft.com/sv-se/documentation/articles/api-management-howto-api-inspector/

What is left for us now is just documenting the API (again) in this portal. I wish documentation could be imported/exported in an easier way.
We also have to figure out how we should handle different environments. Should we have two API management instances if we need a TEST-environment or just one? Neither is an optimal solution.

Will get back to this once we are finished with the setup.

comments powered by Disqus