hands-on lab

Azure API Management Policies and Security

Difficulty: Intermediate
Duration: Up to 1 hour and 30 minutes
Students: 1,867
Rating: 4/5
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.

Description

API Management (APIM) is Azure's API gateway service allowing you to create consistent, modern APIs for a variety of backend services. APIM provides powerful capabilities, such as rate-limiting, quotas, and security. These capabilities can be applied to existing backend services without requiring any additional code.

This lab explores some of these capabilities using a backend service hosted on Azure App Service. You will learn about APIM policies and how they can modernize legacy APIs, and add a layer of security in front of backend services. You will also learn about API Management's built-in API key facilities called subscriptions.

Learning Objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Create an Azure API Management service instance
  • Create APIs in API Management
  • Use API Management policies to transform responses and secure APIs
  • Secure APIs in API Management with Subscriptions
  • Secure APIs in API Management with Client Certificates

Intended Audience

  • Candidates for Microsoft Azure Developer Certifications
  • Developers

Prerequisites

Familiarity with the following is beneficial but are not required:

  • Azure App Service
  • RESTful APIs
  • JSON
  • XML

The following content can be used to help fulfill the prerequisites:

Updates

March 1st, 2024 - Resolved Check function issue

December 19th, 2023 - Resolved container creation issue

February 1st, 2023 - Updated the instructions and screenshots to reflect the latest UI

September 22nd, 2022 - Migrated lab to use Cloud Academy Web Terminal

August 31st, 2021 - Added instructions to workaround Azure bug when modifying the OpenAPI JSON spec

Environment before

Environment after

Covered topics

Lab steps

Logging in to the Microsoft Azure Portal
Creating an Azure API Management Instance
Defining Your API in API Management
Using API Management Policies to Manipulate Responses
Authenticating Requests with API Management Subscriptions
Logging In to the Azure CLI in the Web Terminal
Securing API Management APIs with Client Certificates