What is azure api management service
In this video we will discuss what is azure api management service and why should we use it?
Why use Azure API Management Service
First, let's understand, why should we use azure api management service. What benefits it provides. Let's understand this with a simple example.
Consider this openweathermap service (https://openweathermap.org/price). It's a very popular API that provides weather data like temprature, wind speed, himidity etc. To use this API, we have to pay a monthly fee. There is a free plan as well, but there are limits on it like
- How many calls are allowed
- What data is available and for how long etc.
With the $40 plan you can make up to 600 calls/minute and upto 10 million calls/month. This is a little less restrictive than the free plan.
To be able to use this API in the apps that we are building we need to subscribe and get an API key. We alsoe need to know the available end points, supported operations, what to pass and what we get back.
The main functionality of the API is to provide weather data. In addtion to this main functionality, the API should also have code to limit the number of calls. For example, the free plan only allows 60 calls/minute. So the API should also have code to limit the number of calls to 60/minute to prevent misuse and abuse. Like this there are several non-functional aspects that most APIs need to have, for example
- Caching response to improve performance
- Securing the API and providing access
- Documentation i.e available end points, supported operations, what to pass and what we get back
- There must be a developer portal or something that developers and partners can use to subscribe and self service i.e find documentation, code samples and even an interface to test the API calls.
- API analytics is another important aspect which obviously let's you see API usage. For example, the most and least used end points, general health of the API etc.
All these non-functional aspects of the API are provided by the azure api management service.
What is Azure API Management Service
Well, it sits on top of your backend API services, it's like a proxy to your backedn APIs. In this example, azure api management service is on top of our two back-end APIs (Weather API and Employee API). Every call to these two back-end APIs goes through azure API management service.
Azure API Management Components
Azure API Management system is made up of three main components - Azure Portal, Developer Portal and API Gateway.
Azure Portal
We already know what is Azure portal. We have been using it throughout this course to create various azure resources like virtual machines, app service instances, sql databases etc. We also use it to set up and do various things related to API management. For example, using the azure portal we can
- Define or import API schema.
- Package APIs into products.
- Set up policies like quotas or transformations on the APIs.
- Get insights from analytics.
- Manage users.
We will see these in action in our upcoming videos in this series.
Developer Portal
As the name implies, the Developer portal is for the developers who want to consume your APIs in the apps that they are building. Using it they can
- Create an account and subscribe to get API keys.
- Test the API calls.
- Read API documentation.
- Access analytics on their own usage.
API Gateway
The API gateway sits on top of your backend APIs. In the example below, API Gateway sits on top of our backend APIs (Weather and Employee APIs) and it can to the following.
- Accepts API calls and routes them to your backend APIs.
- Verifies API keys, JWT tokens, certificates, and other credentials.
- Enforces usage quotas and rate limits.
- Caches backend responses where set up.
- Logs call metadata for analytics purposes.
- Transforms your API on the fly without code modifications.
What are the benefits of using azure api management service
- Azure api management service provides ton of security and performance features. For example, based on the API access plan you selected (Free or paid), it limits the number of calls that are allowed as per the plan.
- Prevents Denial of Service (DOS) attacks by using throttling.
- Secures backend services by gating access with API keys.
- Use advanced security policies like JWT tokens, certificates, and other credentials.
In short, Azure API Management system lets you transform your APIs on the fly without any code changes.
© 2020 Pragimtech. All Rights Reserved.