Azure API Management

Overview

Operations: An endpoint that is accessible from browser or HTTP request in APIM i.e. https://hovermind.com/all-pages
API: Collection of operations
Product: Collection of APIs
Policy: A series of statements that define the behavior of APIs and operations

API amangement concepts

The system is made up of the following components:

API gateway:
- Accepts API calls and routes them to your backends
- Verifies API keys, JWT tokens, certificates, and other credentials
- Enforces usage quotas and rate limits
- Caches backend responses where set up
- Logs call metadata for analytics purposes
Azure portal:
- The administrative interface where you set up your API program
- Define or import API schema
- Package APIs into products
- Set up policies like quotas or transformations on the APIs
- Get insights from analytics
- Manage users
Developer portal:
- serves as the main web presence for developers
- Read API documentation
- Try out an API via the interactive console
- Create an account and subscribe to get API keys
- Access analytics on their own usage

Each API represents a set of operations available to developers
Each API contains a reference to the back-end service that implements the API, and its operations map to the operations implemented by the back-end service
Operations in API Management are highly configurable, with control over URL mapping, query and path parameters, request and response content, and operation response caching
Rate limit, quotas, and IP restriction policies can also be implemented at the API or individual operation level

Products are how APIs are surfaced to developers
Products in API Management have one or more APIs, and are configured with a title, description, and terms of use.
Products can be Open or Protected. Protected products must be subscribed to before they can be used, while open products can be used without a subscription
When a product is ready for use by developers, it can be published. Once it is published, it can be viewed
Subscription approval is configured at the product level and can either require administrator approval, or be auto-approved

Groups are used to manage the visibility of products to developers
System groups (immutable):
- Administrators:
  - Azure subscription administrators are members of this group
  - Administrators manage API Management service instances, creating the APIs, operations, and products that are used by developers
- Developers:
  - Authenticated developer portal users fall into this group
  - Developers are the customers that build applications using your APIs
- Guests:
  - Unauthenticated developer portal users, such as prospective customers visiting the developer portal of an API Management instance fall into this group
  - They can be granted certain read-only access, such as the ability to view APIs but not call them
Custom groups:
- In addition to system groups, administrators can create custom groups or leverage external groups in associated Azure Active Directory tenants
- Custom and external groups can be used alongside system groups in giving developers visibility and access to API products

Policies are a collection of statements that are executed sequentially on the request or response of an API
Allows the Azure portal to change the behavior of the API through configuration
Policy expressions is use to define policies

Developers represent the user accounts in an API Management service instance
Developers can be created or invited to join by administrators, or they can sign up from the Developer portal
Each developer is a member of one or more groups, and can subscribe to the products that grant visibility to those groups
When developers subscribe to a product, they are granted the primary and secondary key for the product. This key is used when making calls into the product’s APIs

Throughput (requests per second) is limited by pricing tier
If limit is exceeded, 429 (too many requests) will be returned
There are 4 pricing tiers:
- Developer (for Test/PoC)
- Basic
- Standard
- Premium (for enterprise use)