Azure Developers
APIs in Action
February 28, 2024

Harnessing the Power of Azure API Management: Building Robust and Secure APIs
APIs in Action, February 2024
Hamida Rebai
Microsoft MVP and MCT, Cloud Solutions Architect, Docker Captain
Azure Developers | APIs in Action
Welcome
Contents
Section 1: The first topic we'll cover is the API requirements and challenges, and the different advantages of using an API management platform.
Section 2: This section presents an overview of API Management and the advanced features.
Section 3: This section presents how to build robust, secure, and scalable APIs.
Section 4: This section presents the security best practices.
API requirements and challenges
• APIs play a crucial role in connecting applications and enabling seamless interactions.
• To engage in the API economy effectively, addressing several requirements and challenges related to monitoring, managing, and securing APIs is imperative. This includes:
  • Reuse
  • Easy access
  • Security
  • Visibility
Establishing API facades empowers IT organizations to maintain support for legacy backends.
API Support: Decoupling through Facades
Responsibility for Evolution: Companies publishing APIs must evolve them systematically.
Developer Impact: Changes in APIs often require developers to rewrite programs, causing unnecessary disruptions.
Simplified Facades: IT organizations use simpler facades to decouple internal implementation from the API consumer experience.
Benefits of Facades:
• Developer Independence: Simplified APIs allow changes in the underlying implementation without affecting developers' applications.
• Legacy Support: Facades enable seamless transition from legacy APIs (XML, SOAP) to newer standards (JSON, REST) without recoding.
• Justification for Investment: The efficiency gained through reuse and legacy support justifies investing in an API management platform.
API management platform
Challenges and requirements
• An API management platform is a proxy between the API and the customer, partner, or developer using the API.
• Definition: API management pertains to software that facilitates the API life cycle stages: planning, design, implementation, testing, deployment, operation, versioning, and retirement.
• Purpose: Organizations utilize APIs to modernize architectures, integrate systems, services, and partners efficiently, and monetize data and services.
• Benefits: An API management platform aids in discovering, designing, building, managing, and securing APIs, irrespective of organizational size, location, or industry.
• Advantages: Enhances composability, security, and business resilience, accelerating organizational growth.
Azure API Management
Architecture and features
The role of API management
• API management provides core functions to ensure a successful API program through developer participation, business insight, analysis, security, and protection.
• Each API consists of one or more operations, and each API can be added to one or more products.
The system is made up of the following components:
• API gateway (in Azure or self-hosted gateway)
• Azure portal
• The Developer portal
Azure API Management
Architecture and features
[Architecture diagram. Labels: control plane; data plane; Developer Portal (user plane), used by app developers; Azure API Admin Portal (admin/management plane), used by the API owner in the admin role, with monitoring and policies (metrics); API gateways in front of APIs, for hosted service implementations in Azure and for self-hosted on-premises service implementations.]
Building Robust, Secure, and Scalable APIs
Problem
• Importance of API Delivery
• Ensuring API Sustainability
• Role of API Providers
• Expectations from API Consumers
• Consequences of Poor API Delivery
Building Robust, Secure, and Scalable APIs
Best practices and Consumer-Centric API Portfolio Excellence
• Consumer-Centric Approach
• Contrast with Provider-Centric Approach
• Provider-Centric Anti-Pattern
• Sustainable APIs
Security best practices
• Implement IAM and Security
• Configure Endpoint Protection Capabilities
• Implement API Mediation
• Configure Analytics and Reporting
Secure APIs in Azure API Management by using subscriptions or by using certificates?
• Subscription Keys or plans
• Access control policies
• Monitoring and analytics
• Certificate Management
• Certificates in Azure Key Vault
• Configure API Management Policies
Secure APIs by using subscriptions
Subscription key scopes

Scope | Details
All APIs | Applies to every API accessible from the gateway.
Single API | This scope applies to a single imported API and all of its endpoints.
Product | A product is a collection of one or more APIs that you configure in API Management. You can assign APIs to more than one product. Products can have different access rules, usage quotas, and terms of use.
Secure APIs by using subscriptions
Applications that call protected APIs
• Must include the key in every request.
• You can regenerate these subscription keys at any time.
• Every subscription has two keys, a primary and a secondary.
Secure APIs by using subscriptions
Call an API with the subscription key
Keys can be passed in the request header, or as a query string in the URL.
• The default header name is Ocp-Apim-Subscription-Key.
• Use the developer portal to test out API calls.
Secure APIs by using certificates
Certificates can be used to provide Transport Layer Security (TLS) mutual authentication between the client and the API gateway.
You can configure the API Management gateway to allow only requests with certificates containing a specific thumbprint.
The authorization at the gateway level is handled through inbound policies.
Secure APIs by using certificates
• Accepting client certificates in the Consumption tier
• Certificate Authorization Policies
  • Check the thumbprint of a client certificate
  • Check the thumbprint against certificates uploaded to API Management
  • Check the issuer and subject of a client certificate
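
The three certificate authorization checks listed above, written as an API Management inbound policy. This is an added example, not taken from the original slides; the thumbprint, issuer and subject strings are placeholders, and in practice you keep only the check that matches your trust model.

```xml
<policies>
    <inbound>
        <base />

        <!-- In the Consumption tier the gateway only sees a client certificate
             after "Request client certificate" is turned on for the gateway's
             custom domain. In every tier, a missing certificate must be
             rejected explicitly, hence the null test in each condition. -->

        <!-- Option A: pin one client certificate by thumbprint.
             Placeholder value; thumbprints are compared as upper-case hex. -->
        <choose>
            <when condition="@(context.Request.Certificate == null
                || context.Request.Certificate.Thumbprint != "PLACEHOLDER-THUMBPRINT-UPPER-CASE")">
                <return-response>
                    <set-status code="403" reason="Invalid client certificate" />
                </return-response>
            </when>
        </choose>

        <!-- Option B: accept any certificate whose thumbprint matches one of
             the certificates uploaded to API Management. Verify() also checks
             the chain and validity period, so an expired certificate fails
             even when its thumbprint is still on the list. -->
        <choose>
            <when condition="@(context.Request.Certificate == null
                || !context.Request.Certificate.Verify()
                || !context.Deployment.Certificates.Any(c => c.Value.Thumbprint == context.Request.Certificate.Thumbprint))">
                <return-response>
                    <set-status code="403" reason="Invalid client certificate" />
                </return-response>
            </when>
        </choose>

        <!-- Option C: check issuer and subject instead of a thumbprint.
             Placeholder names. This survives certificate renewal, but is only
             as strong as the issuing CA's control over who receives a
             certificate with that subject. -->
        <choose>
            <when condition="@(context.Request.Certificate == null
                || context.Request.Certificate.Issuer != "PLACEHOLDER-TRUSTED-ISSUER"
                || context.Request.Certificate.SubjectName.Name != "PLACEHOLDER-EXPECTED-SUBJECT")">
                <return-response>
                    <set-status code="403" reason="Invalid client certificate" />
                </return-response>
            </when>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Thumbprint pinning (options A and B) has to be updated whenever the client certificate is renewed; the issuer and subject check (option C) does not.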
Thank you
Questions
Hamida Rebai
@rebaihamida
