Chris Reddington

Published on Tue, Aug 17, 2021

API Economy Integration APIs

Back in June, I wrote a blog post on API Management and how you can use API Management policies to enforce access restriction policies. I was going to write a follow-up post on how to use API Management policies in further scenarios, though it’s one of those scenarios where great minds think alike!

My friend and colleague Matthew Fortunka recently authored a blog post on the same topic. Matt’s post is here.

Overall, Matt covers a lot of ground in his post. I think it’s a great read, and an interesting set of experiments. To summarise, he covers:

  • How to use Managed Identity to connect to Azure services from API Management.
  • Using the authentication-managed-identity policy to retrieve an access token, and then how you can use that token in downstream requests.
  • Using the aforementioned token to call the Azure Resource Manager REST APIs.
  • Using the aforementioned token to send a message to an Azure Service Bus Queue (Yes, without having any specific producer code to send the message - handling this directly using APIM policies!)
  • Using the token to write a file to Azure Blob Storage.

You can likely see where this is going. By using the Managed Identity associated with the Azure API Management resource (and therefore the resulting JSON Web Token (JWT)), and using API Management policies to make the HTTP request directly, you could call any Azure REST API available (where the managed identity has appropriate permissions, of course).
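The Service Bus scenario from the list above could look like the following policy. This is an added sketch, not code from Matt's post or from this blog; the namespace `example-namespace`, the queue `example-queue` and the variable names are placeholders, and it assumes the API Management instance's managed identity holds only the Azure Service Bus Data Sender role, scoped to that one queue.

```xml
<policies>
    <inbound>
        <base />
        <!-- Ask Azure AD for a token as APIM's managed identity.
             The token is held in a policy variable and is never returned to the caller. -->
        <authentication-managed-identity resource="https://servicebus.azure.net"
                                         output-token-variable-name="sb-token"
                                         ignore-error="false" />
        <!-- Call the Service Bus REST API directly from the gateway (placeholder URL). -->
        <send-request mode="new" response-variable-name="sbResponse" timeout="10" ignore-error="false">
            <set-url>https://example-namespace.servicebus.windows.net/example-queue/messages</set-url>
            <set-method>POST</set-method>
            <set-header name="Authorization" exists-action="override">
                <value>@("Bearer " + (string)context.Variables["sb-token"])</value>
            </set-header>
            <set-header name="Content-Type" exists-action="override">
                <value>application/json</value>
            </set-header>
            <set-body>@(context.Request.Body.As<string>(preserveContent: true))</set-body>
        </send-request>
        <choose>
            <!-- Service Bus answers 201 Created when the message is enqueued. -->
            <when condition="@(((IResponse)context.Variables["sbResponse"]).StatusCode == 201)">
                <return-response>
                    <set-status code="202" reason="Accepted" />
                </return-response>
            </when>
            <otherwise>
                <!-- Return a generic error so downstream details and headers are not echoed to the client. -->
                <return-response>
                    <set-status code="502" reason="Bad Gateway" />
                </return-response>
            </otherwise>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Because any caller who can reach this operation sends messages with the gateway's identity, the operation still needs its own access restriction (subscription key, JWT validation or similar) in front of it.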

Matt covers this with some great examples in his post, so I highly encourage you to go and take a look at it! He hints at the potential of using the Graph API, as well as the Azure SQL APIs.

As always, it’s important to understand the wider context of your implementation. I’d love to dig into the impact of implementing this approach on the performance of an API Management resource, and how this copes under high load scenarios. Perhaps that’s a future blog post, and maybe a collaboration! Nevertheless, if you need to call an Azure REST API directly, this is an interesting approach that I hadn’t considered previously!

Have you tried this approach of using API Management policies to call additional APIs directly? If you have, what have you found? How are you using it in your own scenarios? I’d love to hear more, so get in touch over on Twitter, @reddobowen. I’m sure Matt would love to hear as well, over on Twitter, @memleek.

Thanks again Matt for the great blog post, which I thoroughly recommend taking a look through!
