Azure API Management to expose backend services securely
• Microsoft MVP for Microsoft Azure
• Microsoft Certified Trainer (MCT)
• Enterprise Architect at NCS Australia
• Cloud Enthusiast
• Love to share what I learn

• What is API Management
• Azure API Management service
• Exposing backend services with AAPIM
• AAPIM developer portal
• Policies to govern APIs
• Securing APIs with AAPIM
API Management is a set of processes, tools, and policies that facilitate the API lifecycle in a secure & scalable manner
Developers (use APIs)
• Discover
• Learn
• Try
• SDK & Samples
Publishers (provide APIs)
• Publish
• Secure & Protect
• Manage lifecycle
• Monitor
• Onboard developers
• Monetize
[Diagram labels: Data & Services, Solutions, APIs]
Key attributes of API Management
• Creation: Creation of APIs including revisions & versions
• Monitoring: Monitor to track usage, performance and issues
• Optimization: Improving API performance, reducing latency & enhancing security
• Security: Implementing authentication, authorization and encryption mechanisms
• Scalability: Ensuring that APIs can adjust with the scaling demand
• Governance: Policies & guidelines to manage & control APIs across the organization
• Lifecycle: Management of operations from creation to retirement
• Deployment: Deployment of APIs to be accessed by clients in a controlled manner
Key components of API Management Solution
API Gateway
• Acts as a façade to backend services
• Gateway operations
    • Routing
    • Security
    • Throttling
    • Caching
    • Observability
Management Plane
• Tools for management tasks
    • Creation
    • Modification
    • Lifecycle management
Developer Portal
• Tools for developers
    • Documentation
    • Testing tools
    • Self-service operations
[Diagram: Data & Services, APIs, API Gateway, Management Plane, Developer Portal, Developers (use APIs), Publishers (provide APIs), Solutions]
Various options to publish & manage APIs
API lifecycle: Design, Develop, Secure, Publish, Scale, Monitor, Analyse
Products
• Containers that contain one or more APIs
• Can be subscribed to by developers
Subscriptions
• Allow the API to identify the caller, via a subscription key
• Can be used to enforce additional security
• Can apply various policies based on the product/subscription
Developer portal is a fully customizable website that serves as the documentation hub for your APIs
• Self-service sign in
• Subscribe to API Products
• API documentation
• Test APIs
Policies allow you to modify the behavior of APIs by applying a collection of statements to requests and responses
Inbound Policies
• Statements applied to incoming requests
Backend Policies
• Statements applied before forwarding requests to the backend service
Outbound Policies
• Statements applied to the response
On-error Policies
• Statements executed if there is an error condition
Policy scopes
• Global
• Product
• API
• Operation
1. Security options provided for API publishers
Authentication/Authorization
• Entra ID
Access Control
• Azure Role Based Access Control (RBAC)
• Azure APIOps pipelines
[Diagram: Publishers (provide APIs), Management Plane; API with DevSecOps; APIM with APIOps]
2. Security options provided for developers to access developer portal
Authentication/Authorization
• Anonymous (Guest) access
• Username/Password
• Entra ID
• Azure AD B2C
Access Control
• Access to API Products with subscriptions
• Administrator approval for selected products
[Diagram: Developers (use APIs), Developer Portal]
3. Security options for solutions that consume AAPIM APIs
Authentication/Authorization
• Key
• OAuth2 & OpenID Connect
• Client certificate
Access Control
• Subscription keys
• IP Filter policies
• Rate limit policies
• Quota policies
[Diagram: API Gateway; OAuth 2 with Entra App Registration]
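
The four policy sections described earlier (inbound, backend, outbound, on-error) and the gateway access controls listed above, combined in one product-scope policy document. This is an added example, not taken from the slides; the tenant ID, audience, IP range and call limits are placeholder values.

```xml
<!-- Added example: product-scope policy. All concrete values are placeholders. -->
<policies>
    <inbound>
        <!-- <base /> runs the policies inherited from the parent (global) scope first -->
        <base />

        <!-- IP filter: only callers inside this range reach the API
             (203.0.113.0/24 is a documentation range, used here as a placeholder) -->
        <ip-filter action="allow">
            <address-range from="203.0.113.0" to="203.0.113.255" />
        </ip-filter>

        <!-- OAuth2 / OpenID Connect: reject requests without a valid Entra ID token.
             Signing keys and issuer are read from the tenant's OpenID configuration. -->
        <validate-jwt header-name="Authorization"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized">
            <openid-config url="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/v2.0/.well-known/openid-configuration" />
            <audiences>
                <audience>api://CLIENT-ID-PLACEHOLDER</audience>
            </audiences>
        </validate-jwt>

        <!-- Rate limit: at most 100 calls per 60 seconds per subscription -->
        <rate-limit calls="100" renewal-period="60" />

        <!-- Quota: at most 10000 calls per day (86400 seconds) per subscription -->
        <quota calls="10000" renewal-period="86400" />
    </inbound>
    <backend>
        <!-- Forward the request to the backend service using the inherited behaviour -->
        <base />
    </backend>
    <outbound>
        <base />
        <!-- Remove a response header that discloses the backend technology -->
        <set-header name="X-Powered-By" exists-action="delete" />
    </outbound>
    <on-error>
        <!-- Runs only when an earlier section fails, e.g. a rejected token or exceeded quota -->
        <base />
    </on-error>
</policies>
```

The subscription key requirement itself is a setting on the product or API rather than a policy statement, so it does not appear in the document above.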
4. Security options for backend APIs
• Access restrictions
• Private endpoints
• VNET/NSG integration
[Diagram: API Gateway]

• Front Door as a global endpoint
• WAF with security policies
• Private endpoints to traverse traffic within the MS backbone network
• APIOps to automate deployment