Azure APIM Series 2: Components
If you think about what is Azure APIM, please read Azure APIM Series 1 first and come again.
We talked about Azure API Management features and now let’s get to know closely API Management features. Now let’s go into a little more detail and learn about its components.
The basic APIM architecture published by Microsoft is visualized below. To summarize here; The main management part of our APIs, where we integrate and configure all the APIs published by our company and define policies such as IP restriction, caching, token validation, request-response transformation, is the area shown as the Management Plane (API). The Data Plane (Gateway) area is the part where we manage access via APIm by defining distinctive suffixes to the APIs we publish. The Developer Portal (User Plane) area is a web page created specifically for each APIM that contains documentation of the APIs that developers can access via APIm, where sample requests and tests can be made, and can be customized with designers.
As shown in the sample architecture, APIs can be published with other Azure services such as app service, azure function, etc. and the requested security, performance monitoring, configurations of Azure features such as Key-value, virtual network (VNet), Web application Firewall (WAF), app insight, A comprehensive APIM service is provided with the help of routing flows.
Let’s detail the components under headings
API Gateway
API Gateway is responsible for handling all requests from all client applications and then forwarding them to backend services. Here, API Gateway serves as a facade to backend services, aiming to abstract API applications and directing them to appropriate backend services. This allows APIs to be managed on a single platform without affecting API consumers during routing. API gateway allows consistent configuration of routing, security, throttling, caching, and observability.
Basic features of API gateway;
- Responsible for meeting all requests and forwarding them to the appropriate APIs.
- API allows requests to be verified with credentials such as subscription key, certificate, JWT token.
- Restricts access by checking specified usage quotas or request limits.
- It is responsible for transmitting requests and responses in specific defined formats.
- If specified in configurations, it helps reduce the load on backend services by caching requests and improves response latency.
- It ensures that logs and metrics are directed to relevant configurations for monitoring, reporting, performance, and troubleshooting flows.
In addition, with its self-hosted gateway feature, it optimizes API traffic by creating an isolated on-prem APIM service published within the company with the same configurations on APIM and allows managing local communication on a single platform. Self-hosted gateway is packaged with a Linux-based docker container and deployed via services such as Kubernetes and OpenShift.
When an API Management service is created, a gateway link with the defined name is automatically created. You can access this link with the “Gateway URL” definition on the overview screen. If no configuration or DNS definition is made, you will see a URL with the extension “azure-api.net”.
Management Plane
Management Plane is the management platform where all the configurations we mentioned in gateway control are defined with authorized users on the Azure Portal. Through this platform, we ensure that all the APIs we want to manage on APIM are added to the platform. Security and logging flows can be managed by defining global or specific policies on the added APIs. Caching, token validation, IP restriction, rate limit, etc. policies, which will be detailed in the next articles, are configured on the management plane.
At the same time, the privatization and publishing of the developer portal is also controlled on the management plane, as are the authorization structures on the developer portal. By using other Azure services and features on the management plane, a more secure, traceable API Management service is created with defined features such as app registration, application insights, authorization server, identity, network, product as needed.
Developer Portal
The developer portal is an open-source customizable website that is automatically created when Azure API Management is created. The developer portal includes documentation of the APIs published on APIM and allows customization for your company. You can specify the request and user rates used in the Developer Portal and create a more useful website for your developers by defining special static pages.
You can restrict the APIs that developer portal users can access and provide faster and more secure access with authentication definitions.
When the Developer Portal is accessed by the admin user, the site opens in designer mode the default components can be customized and operations such as creating new page links and adding images can be performed using the menu on the left.
The user who accesses the list of APIs published in the developer portal will access the API’s documentation by selecting the relevant API. If there are request examples for the operations (endpoints) defined here, APIs can be tested by making sample requests with parameter information.
Resources:
