{"id":4125,"date":"2023-11-04T23:14:04","date_gmt":"2023-11-04T23:14:04","guid":{"rendered":"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/"},"modified":"2023-11-05T05:48:00","modified_gmt":"2023-11-05T05:48:00","slug":"securing-your-api-with-azure-api-management","status":"publish","type":"post","link":"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/","title":{"rendered":"Securing your API with Azure API Management"},"content":{"rendered":"<p>When an API is designed, the security of the API is a crucial aspect that should not be overlooked. Secure APIs help provide better protection against unauthorized access and ensure that data is shared only amongst authorized entities. Azure API Management is a service provided by Microsoft Azure that helps with the secure distribution of APIs. In this tutorial, we will walk you through how to secure your API with Azure API Management.<\/p>\n<h2>Pre-requisites<\/h2>\n<p>Before we begin, you&#8217;ll need to have the following:<\/p>\n<ul>\n<li>A Microsoft Azure account<\/li>\n<li>An API hosted in an accessible location. For this tutorial, we will use a simple API hosted on an Azure Function App<\/li>\n<\/ul>\n<h2>Step 1: Create an API Management account<\/h2>\n<p>First, we need to create an API Management account in Microsoft Azure.<\/p>\n<ol>\n<li>Log in to the Microsoft Azure Portal<\/li>\n<li>Navigate to the <strong>API Management Services<\/strong> page<\/li>\n<li>Click the <strong>Add<\/strong> button to add a new service<\/li>\n<li>On the <strong>Add API Management<\/strong> screen, fill in the required information, such as account name, subscription, resource group, and location.<\/li>\n<li>Once you have entered all the required information, click the <strong>Create<\/strong> button to create an API Management account<\/li>\n<\/ol>\n<h2>Step 2: Import your API<\/h2>\n<p>With an API Management account in place, we can now import the API that needs to be secured.<\/p>\n<ol>\n<li>Click on the newly created API Management account<\/li>\n<li>In the API Management account page, click the <strong>APIs<\/strong> link on the left-hand menu<\/li>\n<li>On the <strong>APIs<\/strong> page, click the <strong>Add API<\/strong> button<\/li>\n<li>In the <strong>Add API<\/strong> screen, fill in the required information, such as API URL and Display name<\/li>\n<li>Choose the authentication type for the API. There are multiple options available, such as No authentication, OAuth 2.0, and OpenID Connect. For this tutorial, we will choose <strong>No authentication<\/strong>.<\/li>\n<li>Click the <strong>Create<\/strong> button to add the API to Azure API Management<\/li>\n<\/ol>\n<h2>Step 3: Configure API Security<\/h2>\n<p>With API imported, the next step is to configure the API security.<\/p>\n<ol>\n<li>From within the API Management account page, click on the API that you imported in step 2<\/li>\n<li>In the <strong>API Operations<\/strong> page, click on the <strong>Settings<\/strong> link on the left-hand side menu<\/li>\n<li>In the <strong>Settings<\/strong> screen, navigate to the <strong>Security<\/strong> tab and choose your preferred security mechanism. For instance, we can choose <strong>OAuth 2.0<\/strong>.<\/li>\n<li>Configure the authentication mechanism by filling in the required fields. In the case of OAuth 2.0, various fields, such as <strong>Client ID<\/strong>, <strong>Client Secret<\/strong>, <strong>Authorization Endpoint<\/strong>, <strong>Token Endpoint<\/strong>, etc. need to be filled in.<\/li>\n<li>Once you have configured all the necessary fields, click the <strong>Save<\/strong> button to save the changes<\/li>\n<\/ol>\n<h2>Step 4: Create users and groups<\/h2>\n<p>When an API is secured using Azure API Management, users need to be created, and access needs to be granted. This can be done using Azure Active Directory.<\/p>\n<ol>\n<li>Navigate to the <strong>Azure Active Directory<\/strong> page on the Azure Portal<\/li>\n<li>In the <strong>Azure Active Directory<\/strong> page, click on the <strong>Users<\/strong> link on the left-hand side menu<\/li>\n<li>In the <strong>Users<\/strong> page, click on the <strong>New user<\/strong> button to add a new user<\/li>\n<li>Fill in the required fields, such as First name, Last name, User name, etc.<\/li>\n<li>Click on the <strong>Create<\/strong> button to create the user<\/li>\n<li>Repeat steps 3 to 5 to add more users if necessary<\/li>\n<li>Now we will create a group for which we will grant access to the API<\/li>\n<li>Click on the <strong>Groups<\/strong> link on the left-hand side menu<\/li>\n<li>In the <strong>Groups<\/strong> page, click on the <strong>New group<\/strong> button to add a new group<\/li>\n<li>Fill in the required fields, such as Name and Description of the group.<\/li>\n<li>Click on the <strong>Create<\/strong> button to create the group<\/li>\n<li>From the <strong>Overview<\/strong> page of the API Management account, click on <strong>Access control (IAM)<\/strong><\/li>\n<li>Click on the <strong>Add role assignment<\/strong> button<\/li>\n<li>Choose the role that you want the group to have, such as <strong>Contributor<\/strong> or <strong>Reader<\/strong><\/li>\n<li>In the <strong>Select<\/strong> field, search for the group you created in step 9<\/li>\n<li>Once you have selected the group, click on the <strong>Save<\/strong> button to grant access to the group<\/li>\n<\/ol>\n<h2>Step 5: Add policies for further security<\/h2>\n<p>API Management provides policies that can be added to an API to provide extra layers of security or perform certain operations. In this step, we will add a policy to limit the requests per second.<\/p>\n<ol>\n<li>From within the API Management account page, click on the API that you imported in step 2<\/li>\n<li>In the <strong>API Operations<\/strong> page, click on the <strong>Policies<\/strong> link on the left-hand side menu<\/li>\n<li>In the <strong>Policies<\/strong> page, select <strong>Add API Policy<\/strong><\/li>\n<li>Add the following policy to the policy editor to limit requests per second. For instance, limit to 5 requests per second.<\/li>\n<\/ol>\n<pre><code>&lt;policies&gt;\n   &lt;inbound&gt;\n      &lt;rate-limit-by-key calls=\"5\" renewal-period=\"60\" counter-key=\"@(context.Subscription.Id)\" \/&gt;\n   &lt;\/inbound&gt;\n&lt;\/policies&gt;\n<\/code><\/pre>\n<ol>\n<li>Click on the <strong>Save<\/strong> button to save the policy.<\/li>\n<\/ol>\n<h2>Step 6: Test the secured API<\/h2>\n<p>With all the necessary settings in place, it&#8217;s time to test the secured API.<\/p>\n<ol>\n<li>From within the API Management account page, click on the API that you imported in step 2<\/li>\n<li>In the <strong>API Operations<\/strong> page, click on the <strong>Test<\/strong> button to test the API<\/li>\n<li>In the <strong>Test<\/strong> page, choose the operation to test and click the <strong>Send<\/strong> button to test the API.<\/li>\n<\/ol>\n<p>If all the settings have been configured correctly, you should receive a response indicating that the API is successfully secured.<\/p>\n<h2>Conclusion<\/h2>\n<p>Securing your API with Azure API Management is a crucial step in designing a secure API. By following these steps, you can add an extra layer of security to your APIs. Azure API Management provides various mechanisms to secure an API, such as OAuth 2.0, OpenID Connect, and other policies. These mechanisms can be easily configured, and access can be granted to groups or users via Azure Active Directory. By securing your API, you can provide better protection against unauthorized access and ensure that data is shared only amongst authorized entities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When an API is designed, the security of the API is a crucial aspect that should not be overlooked. Secure APIs help provide better protection against unauthorized access and ensure that data is shared only amongst authorized entities. Azure API Management is a service provided by Microsoft Azure that helps <a href=\"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/\" class=\"btn btn-link continue-link\">Continue Reading<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","footnotes":""},"categories":[1],"tags":[1382,1383,1384,1385,1381,1380,1379],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Securing your API with Azure API Management - Pantherax Blogs<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing your API with Azure API Management\" \/>\n<meta property=\"og:description\" content=\"When an API is designed, the security of the API is a crucial aspect that should not be overlooked. Secure APIs help provide better protection against unauthorized access and ensure that data is shared only amongst authorized entities. Azure API Management is a service provided by Microsoft Azure that helps Continue Reading\" \/>\n<meta property=\"og:url\" content=\"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/\" \/>\n<meta property=\"og:site_name\" content=\"Pantherax Blogs\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-04T23:14:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-11-05T05:48:00+00:00\" \/>\n<meta name=\"author\" content=\"Panther\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Panther\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\n\t    \"@context\": \"https:\/\/schema.org\",\n\t    \"@graph\": [\n\t        {\n\t            \"@type\": \"Article\",\n\t            \"@id\": \"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/#article\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/\"\n\t            },\n\t            \"author\": {\n\t                \"name\": \"Panther\",\n\t                \"@id\": \"http:\/\/localhost:10003\/#\/schema\/person\/b63d816f4964b163e53cbbcffaa0f3d7\"\n\t            },\n\t            \"headline\": \"Securing your API with Azure API Management\",\n\t            \"datePublished\": \"2023-11-04T23:14:04+00:00\",\n\t            \"dateModified\": \"2023-11-05T05:48:00+00:00\",\n\t            \"mainEntityOfPage\": {\n\t                \"@id\": \"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/\"\n\t            },\n\t            \"wordCount\": 945,\n\t            \"publisher\": {\n\t                \"@id\": \"http:\/\/localhost:10003\/#organization\"\n\t            },\n\t            \"keywords\": [\n\t                \"\\\"API authentication\\\"\",\n\t                \"\\\"API authorization\\\"\",\n\t                \"\\\"API gateway\\\"\",\n\t                \"\\\"API key management\\\"]\",\n\t                \"\\\"API security\\\"\",\n\t                \"\\\"Azure API Management\\\"\",\n\t                \"[\\\"Securing your API\\\"\"\n\t            ],\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"WebPage\",\n\t            \"@id\": \"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/\",\n\t            \"url\": \"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/\",\n\t            \"name\": \"Securing your API with Azure API Management - Pantherax Blogs\",\n\t            \"isPartOf\": {\n\t                \"@id\": \"http:\/\/localhost:10003\/#website\"\n\t            },\n\t            \"datePublished\": \"2023-11-04T23:14:04+00:00\",\n\t            \"dateModified\": \"2023-11-05T05:48:00+00:00\",\n\t            \"breadcrumb\": {\n\t                \"@id\": \"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/#breadcrumb\"\n\t            },\n\t            \"inLanguage\": \"en-US\",\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"ReadAction\",\n\t                    \"target\": [\n\t                        \"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/\"\n\t                    ]\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"BreadcrumbList\",\n\t            \"@id\": \"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/#breadcrumb\",\n\t            \"itemListElement\": [\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 1,\n\t                    \"name\": \"Home\",\n\t                    \"item\": \"http:\/\/localhost:10003\/\"\n\t                },\n\t                {\n\t                    \"@type\": \"ListItem\",\n\t                    \"position\": 2,\n\t                    \"name\": \"Securing your API with Azure API Management\"\n\t                }\n\t            ]\n\t        },\n\t        {\n\t            \"@type\": \"WebSite\",\n\t            \"@id\": \"http:\/\/localhost:10003\/#website\",\n\t            \"url\": \"http:\/\/localhost:10003\/\",\n\t            \"name\": \"Pantherax Blogs\",\n\t            \"description\": \"\",\n\t            \"publisher\": {\n\t                \"@id\": \"http:\/\/localhost:10003\/#organization\"\n\t            },\n\t            \"potentialAction\": [\n\t                {\n\t                    \"@type\": \"SearchAction\",\n\t                    \"target\": {\n\t                        \"@type\": \"EntryPoint\",\n\t                        \"urlTemplate\": \"http:\/\/localhost:10003\/?s={search_term_string}\"\n\t                    },\n\t                    \"query-input\": \"required name=search_term_string\"\n\t                }\n\t            ],\n\t            \"inLanguage\": \"en-US\"\n\t        },\n\t        {\n\t            \"@type\": \"Organization\",\n\t            \"@id\": \"http:\/\/localhost:10003\/#organization\",\n\t            \"name\": \"Pantherax Blogs\",\n\t            \"url\": \"http:\/\/localhost:10003\/\",\n\t            \"logo\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"http:\/\/localhost:10003\/#\/schema\/logo\/image\/\",\n\t                \"url\": \"http:\/\/localhost:10003\/wp-content\/uploads\/2023\/11\/cropped-9e7721cb-2d62-4f72-ab7f-7d1d8db89226.jpeg\",\n\t                \"contentUrl\": \"http:\/\/localhost:10003\/wp-content\/uploads\/2023\/11\/cropped-9e7721cb-2d62-4f72-ab7f-7d1d8db89226.jpeg\",\n\t                \"width\": 1024,\n\t                \"height\": 1024,\n\t                \"caption\": \"Pantherax Blogs\"\n\t            },\n\t            \"image\": {\n\t                \"@id\": \"http:\/\/localhost:10003\/#\/schema\/logo\/image\/\"\n\t            }\n\t        },\n\t        {\n\t            \"@type\": \"Person\",\n\t            \"@id\": \"http:\/\/localhost:10003\/#\/schema\/person\/b63d816f4964b163e53cbbcffaa0f3d7\",\n\t            \"name\": \"Panther\",\n\t            \"image\": {\n\t                \"@type\": \"ImageObject\",\n\t                \"inLanguage\": \"en-US\",\n\t                \"@id\": \"http:\/\/localhost:10003\/#\/schema\/person\/image\/\",\n\t                \"url\": \"http:\/\/2.gravatar.com\/avatar\/b8c0eda5a49f8f31ec32d0a0f9d6f838?s=96&d=mm&r=g\",\n\t                \"contentUrl\": \"http:\/\/2.gravatar.com\/avatar\/b8c0eda5a49f8f31ec32d0a0f9d6f838?s=96&d=mm&r=g\",\n\t                \"caption\": \"Panther\"\n\t            },\n\t            \"sameAs\": [\n\t                \"http:\/\/localhost:10003\"\n\t            ],\n\t            \"url\": \"http:\/\/localhost:10003\/author\/pepethefrog\/\"\n\t        }\n\t    ]\n\t}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Securing your API with Azure API Management - Pantherax Blogs","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/","og_locale":"en_US","og_type":"article","og_title":"Securing your API with Azure API Management","og_description":"When an API is designed, the security of the API is a crucial aspect that should not be overlooked. Secure APIs help provide better protection against unauthorized access and ensure that data is shared only amongst authorized entities. Azure API Management is a service provided by Microsoft Azure that helps Continue Reading","og_url":"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/","og_site_name":"Pantherax Blogs","article_published_time":"2023-11-04T23:14:04+00:00","article_modified_time":"2023-11-05T05:48:00+00:00","author":"Panther","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Panther","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/#article","isPartOf":{"@id":"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/"},"author":{"name":"Panther","@id":"http:\/\/localhost:10003\/#\/schema\/person\/b63d816f4964b163e53cbbcffaa0f3d7"},"headline":"Securing your API with Azure API Management","datePublished":"2023-11-04T23:14:04+00:00","dateModified":"2023-11-05T05:48:00+00:00","mainEntityOfPage":{"@id":"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/"},"wordCount":945,"publisher":{"@id":"http:\/\/localhost:10003\/#organization"},"keywords":["\"API authentication\"","\"API authorization\"","\"API gateway\"","\"API key management\"]","\"API security\"","\"Azure API Management\"","[\"Securing your API\""],"inLanguage":"en-US"},{"@type":"WebPage","@id":"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/","url":"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/","name":"Securing your API with Azure API Management - Pantherax Blogs","isPartOf":{"@id":"http:\/\/localhost:10003\/#website"},"datePublished":"2023-11-04T23:14:04+00:00","dateModified":"2023-11-05T05:48:00+00:00","breadcrumb":{"@id":"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/localhost:10003\/securing-your-api-with-azure-api-management\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/localhost:10003\/"},{"@type":"ListItem","position":2,"name":"Securing your API with Azure API Management"}]},{"@type":"WebSite","@id":"http:\/\/localhost:10003\/#website","url":"http:\/\/localhost:10003\/","name":"Pantherax Blogs","description":"","publisher":{"@id":"http:\/\/localhost:10003\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/localhost:10003\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"http:\/\/localhost:10003\/#organization","name":"Pantherax Blogs","url":"http:\/\/localhost:10003\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/localhost:10003\/#\/schema\/logo\/image\/","url":"http:\/\/localhost:10003\/wp-content\/uploads\/2023\/11\/cropped-9e7721cb-2d62-4f72-ab7f-7d1d8db89226.jpeg","contentUrl":"http:\/\/localhost:10003\/wp-content\/uploads\/2023\/11\/cropped-9e7721cb-2d62-4f72-ab7f-7d1d8db89226.jpeg","width":1024,"height":1024,"caption":"Pantherax Blogs"},"image":{"@id":"http:\/\/localhost:10003\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"http:\/\/localhost:10003\/#\/schema\/person\/b63d816f4964b163e53cbbcffaa0f3d7","name":"Panther","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/localhost:10003\/#\/schema\/person\/image\/","url":"http:\/\/2.gravatar.com\/avatar\/b8c0eda5a49f8f31ec32d0a0f9d6f838?s=96&d=mm&r=g","contentUrl":"http:\/\/2.gravatar.com\/avatar\/b8c0eda5a49f8f31ec32d0a0f9d6f838?s=96&d=mm&r=g","caption":"Panther"},"sameAs":["http:\/\/localhost:10003"],"url":"http:\/\/localhost:10003\/author\/pepethefrog\/"}]}},"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"http:\/\/localhost:10003\/wp-json\/wp\/v2\/posts\/4125"}],"collection":[{"href":"http:\/\/localhost:10003\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/localhost:10003\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/localhost:10003\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/localhost:10003\/wp-json\/wp\/v2\/comments?post=4125"}],"version-history":[{"count":1,"href":"http:\/\/localhost:10003\/wp-json\/wp\/v2\/posts\/4125\/revisions"}],"predecessor-version":[{"id":4421,"href":"http:\/\/localhost:10003\/wp-json\/wp\/v2\/posts\/4125\/revisions\/4421"}],"wp:attachment":[{"href":"http:\/\/localhost:10003\/wp-json\/wp\/v2\/media?parent=4125"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/localhost:10003\/wp-json\/wp\/v2\/categories?post=4125"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/localhost:10003\/wp-json\/wp\/v2\/tags?post=4125"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}