Chapter 4. What is Azure API Management?

In the previous chapters, we have discussed what integration is in the new world of cloud computing and taken a look at how we can start building these integrations through the use of an Azure App Service plan and API Apps.

In order to understand how this applies more readily to an enterprise, it is important to know how to control and manage API assets that exist or are built as part of any enterprise development.

Typically, modern APIs are used to achieve one of the following two outcomes:

• To expose the on-premises line of business applications, such as Customer Relationship Management (CRM) or Enterprise Resource Planning (ERP) solutions to other applications that need to consume and interact with these enterprise assets both on-premises and in the cloud
• To provide access to the API for commercial purposes to monetize access to the assets exposed by the API

The latter use case is important as it allows organizations to extend the use of their API investment, and it has led to what has become known as the API economy.

The API economy provides a mechanism to gain additional value from data contained within the organizational boundary whether that data exists in the cloud or on-premises.

When providing access to information via an API, two considerations are important:

• Compliance: This ensures that access to the API and the use of the API meets requirements around internal or legal policies and procedures, and it provides reporting and auditing information
• Governance: This ensures the API is accessed and used only by those authorized to do so, and in a way that is controlled and if necessary metered, and provides reporting and auditing information, which can be used, for example, to provide usage information for billing

In order to achieve this at scale in an organization, a tool is required that can be used to apply both compliance and governance structures to an exposed endpoint. This is required to ensure that the usage of the information behind that endpoint is limited only to those who should be allowed access and only in a way that meets the requirements and policies of the organization. This is where API Management plays a significant role.

There are two main types of tools that fit within the landscape that broadly fall under the banner of API Management:

• API Management: These tools provide the compliance and governance control required to ensure that the exposed API is used appropriately and data presented in the correct format. For example, a message may be received in XML format, but the consuming service may need the data in JSON format. They can also provide monitoring tools and access control that allows organizations to gain insight into the use of the API, perhaps with the view to charge a fee for access.
• API Gateway: These tools provide the same or similar level of management as normal API Management tools, but often include other functionality that allows some message mediation and message orchestration thereby allowing more complex interactions and business processes to be modeled, exposed, and governed.

Microsoft Azure API Management falls under the first category above whilst Logic Apps, which are described in detail in subsequent chapters, when combined with Azure API Management provides the capabilities (and more) that API Gateways offer.

Another important aspect of providing management of APIs is creating documentation that can be used by consumers, so they know how to interact with, and get the best out of, the API.

For APIs, generally, it is not a case of build it and they will come, so some form of documentation that includes endpoint and operation information, along with sample code, can lead to greater uptake of usage of the API.

Azure API Management is currently offered in three tiers: Developer, Standard, and Premium. The details associated with these tiers at the time of writing are shown in the following table:

Key items of note in the table are Scale-out, Multi-Region Deployment, and Azure Active Directory Integration.

• Scale-out: This defines how many instances, or units, of the API instance are possible; this is configured through the Azure Classic Portal
• Multi-Region Deployment: When using Premium tier, it is possible to deploy the API Management instance to many locations to provided geographically distributed load
• Azure Active Directory Integration: If an organization synchronizes an on-premises Active Directory domain to Azure, access to the API endpoints can be configured to use Azure Active Directory to provide same sign-on capabilities

The main use case for Premium tier is if an organization has many hundreds or even thousands of APIs they want to expose to developers, or in cases where scale and integration with line of business APIs is critical.