Azure API Management and Application Gateway: An Introduction

What Azure API Management and Application Gateway are, and why they work so well together for securing and scaling cloud services.

As businesses and organizations move to cloud-based services, they need new ways of publishing and consuming data to enable new services, digital experiences and applications, for both internal and external use. This leads to an increased dependency on APIs.

To handle this, it's important to have effective tools for managing these APIs and applications, and their entire lifecycle, in a more centralized and secure way.

This is where Azure API Management (APIM) and Azure Application Gateway come into play. Used together, these two Azure services make a great solution for cloud-based workloads, offering many ways to manage, secure and observe APIs and web applications.

Presenting Azure API Management

Microsoft: API Management Components

APIM is a powerful tool that makes it easy for organizations to manage and publish their APIs.

APIM abstracts all the backend architecture and complexity from consumers and exposes a single HTTPS endpoint through which all the APIs behind it can be accessed. Since this is a complex system, it is divided into three main components:

  • API Gateway: the first point of contact for each request. It acts as a facade that routes the request to the correct backend, and it is the place where security, caching, throttling and routing are configured centrally and consistently. It enforces the centralized policies: usage quotas and limits, verifying JWT tokens and API tokens, and so on.

  • Management plane: provides full access to the service capabilities. It's the resource management interface in the Azure Portal, and it can also be reached in other ways: PowerShell, Azure CLI, etc.

  • Developer portal: a global customizable portal where you can explore all the available APIs, check their documentation, and learn how to onboard and consume them.
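
To make the API Gateway's policy enforcement concrete, here is an added example (not from the original article or from Microsoft's samples) of an APIM policy attached to a protected Product. It combines JWT validation, throttling and a usage quota; the tenant ID, audience and call limits are placeholders chosen for illustration.

```xml
<!-- Added example: product-scope policy. All values marked PLACEHOLDER are assumptions. -->
<policies>
  <inbound>
    <base />
    <!-- Reject the call with 401 unless it carries a valid bearer token
         issued for this API; the backend never sees unauthenticated traffic. -->
    <validate-jwt header-name="Authorization"
                  require-scheme="Bearer"
                  failed-validation-httpcode="401"
                  failed-validation-error-message="Unauthorized">
      <!-- Signing keys and issuer are discovered from the identity provider's metadata -->
      <openid-config url="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/v2.0/.well-known/openid-configuration" />
      <audiences>
        <audience>api://AUDIENCE-PLACEHOLDER</audience>
      </audiences>
    </validate-jwt>
    <!-- Throttling: at most 100 calls per 60 seconds for each subscription -->
    <rate-limit calls="100" renewal-period="60" />
    <!-- Usage quota: at most 10000 calls per day (86400 seconds) for each subscription -->
    <quota calls="10000" renewal-period="86400" />
  </inbound>
  <backend>
    <base />
  </backend>
  <outbound>
    <base />
  </outbound>
  <on-error>
    <base />
  </on-error>
</policies>
```

Both `rate-limit` and `quota` count calls per subscription, so they only take effect when consumers call with a subscription key.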

Besides the technical stuff, there are also some important concepts that we have to understand:

  • APIs: each API represents a set of operations available to be consumed, and each operation is tied directly to the backend service that implements it.

  • Products: they aggregate APIs and can contain one or more APIs. Products are an important concept since they can be either open (freely consumed) or protected (require a subscription key).

    Linked to a Product there is also a subscription approval process, which ultimately determines whether or not you can consume the APIs inside that Product.

  • Groups: they manage the visibility of products to developers/consumers.

Presenting Azure Application Gateway

Microsoft: Application Gateway

Azure Application Gateway, on the other hand, is a web traffic load balancer that provides advanced features for managing web applications.

Application Gateway works at Layer 7 of the OSI model. Unlike traditional load balancers that work at Layer 4, this lets us route traffic based not only on the source IP address but also on attributes of the HTTP request, such as URI paths or host headers. It also provides security features: SSL/TLS termination, which can help improve the performance of web applications by offloading encryption and decryption to the gateway, and web application firewall (WAF) protection.

The dynamic duo

We saw that APIM provides an API Gateway, so why bother introducing a new resource into the mix that does almost the same job?

Application Gateway provides several functionalities that, combined with APIM, will bring your cloud service to the next level. With Application Gateway you add an extra layer of protection and security:

  • You can protect the public, Internet-facing IP address of APIM.

  • You can selectively expose external APIs and keep other APIs internal, which lets you manage complex web applications.

  • The WAF can protect against the most common web vulnerabilities, such as SQL injection, cross-site scripting (XSS), HTTP request smuggling and others.

Conclusion

Azure: APIM and Gateway simple scheme

In conclusion, APIM and Application Gateway are powerful tools for managing cloud-based services. By using these two services together, organizations can create a great solution for managing their APIs and web applications, making it easier for developers to create and manage their services, and for consumers to access and use those services. As businesses continue to transition to cloud-based services, these tools will become increasingly important for managing cloud-based applications and services.

Stay tuned for the next series, in which we will configure both services to work together and dig deep into more advanced topics.
