api-management | API Management for Membrane Service Proxy | REST library
kandi X-RAY | api-management Summary
API Management solution based on Membrane Service Proxy providing a developer portal, API keys and an admin console.
Top functions reviewed by kandi - BETA
- read service changes
- call a method
- Extract the service proxy proxy for the given entity.
- Generate an endpoint endpoint
- return edit property
- Build a URL builder.
- Builds a URL.
- parse the results
- Compare two arguments.
- Gets results by response object
Community Discussions
Trending Discussions on api-management
QUESTION
I am trying to test out the sample code by Azure "Authenticate using Managed Identity to access Service Bus", and it's on GitHub:
Azure API Management Policy Snippets
What I have done is in below steps:
- Created an Azure API Management Service. In this I added an API which has a POST method
- I also enabled a System Generated Managed Identity for this APIM
- I created a Service Bus and created a queue
- I added the managed identity to a role of "Azure Service Bus Data Sender" on the queue.
- Last, I modified the code from Azure to have names from objects I created above and it looks like below:
On running a test on API I get error: "500 Internal Server Error". The message of course is not being sent. Any idea what I may be doing wrong here? Help appreciated.
...ANSWER
Answered 2022-Mar-30 at 05:13
QUESTION
We have the current situation:
- In Azure API manager we build some APIs based on a Swagger definition.
- The provider of the APIs provided us with a client id and secret.
- Some of these API calls need to be authenticated with a bearer token which is generated on the provider's API infrastructure with a /token endpoint mentioned above and we want to integrate the authentication flow for these API calls in APIM (since the frontend will be authenticated in another way (CORS probably))
- We tried various approaches using all kinds of variations in "OAuth2.0" service configurations in the APIM setting and apply them to the API definitions by We kept getting Unauthorized 401.
As a starting point we used https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad, but most of the explanations we found concerned using AD, which we don't need as far as we understand.
We tried to implement the following OAuth 2.0 Postman Authorization configuration into APIM (which actually works in Postman).
Is there a simple and straight forward way to tell APIM to do a call to the token URL with a given ClientId and secret and add the authorization header with a bearer token to the backend API?
...ANSWER
Answered 2021-Dec-07 at 14:38
Yes - you can do this and here is a Curity resource that follows a similar process:
- Make an OAuth request to get a JWT based on an incoming credential
- Forward it to the downstream API
- Cache the result for subsequent requests with the same incoming credential
Your case is a little different but uses the same building blocks. You just need to adapt the OAuth message to use the Client Credentials flow.
QUESTION
With APIM I'm trying to call a backend API that needs OAuth2 validation. This question is more or less similar to this: Azure API Management: Oauth2 with backend API. But there is no good answer here...
I have been reading a lot about policies and caching, but can't seem to set it up correctly. I hope to be able to call the APIM, and then the APIM calls the backend API to get a token and with that token calls an API to get some output data. I also found one where I had to set up some policies in the backend part. Can anyone help me set up the policies?
My policy is like:
...ANSWER
Answered 2021-Nov-17 at 13:27
I found the answer to my own question :-) I try to comment on each line, but if you take all the code and put it together you get a policy to handle OAuth2 in a backend API.
In the inbound section, the cache-lookup-value assigns the value in cache to the context variable called "bearerToken". On first entry, the cache value will be null and the variable will not be created.
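A sketch of the token-caching pattern this answer describes, which also covers the earlier question about calling a provider's /token endpoint with a client id and secret. It is an added example, not the poster's policy: the token URL, the named values `backend-client-id` and `backend-client-secret`, the cache key and the 3600-second token lifetime are assumptions.

```xml
<policies>
    <inbound>
        <base />
        <!-- Added example. On a cache miss the variable "bearerToken" is not created. -->
        <cache-lookup-value key="backend-bearer-token" variable-name="bearerToken" />
        <choose>
            <when condition="@(!context.Variables.ContainsKey("bearerToken"))">
                <!-- Client Credentials grant against the provider's token endpoint (assumed URL). -->
                <send-request mode="new" response-variable-name="tokenResponse" timeout="20" ignore-error="false">
                    <set-url>https://idp.example.com/token</set-url>
                    <set-method>POST</set-method>
                    <set-header name="Content-Type" exists-action="override">
                        <value>application/x-www-form-urlencoded</value>
                    </set-header>
                    <set-body>@("grant_type=client_credentials&client_id={{backend-client-id}}&client_secret={{backend-client-secret}}")</set-body>
                </send-request>
                <choose>
                    <!-- Fail closed: never cache or forward the body of a failed token request. -->
                    <when condition="@(((IResponse)context.Variables["tokenResponse"]).StatusCode != 200)">
                        <return-response>
                            <set-status code="502" reason="Token request failed" />
                        </return-response>
                    </when>
                </choose>
                <set-variable name="bearerToken" value="@((string)((IResponse)context.Variables["tokenResponse"]).Body.As<JObject>()["access_token"])" />
                <!-- Cache for less than the token lifetime (assumed 3600 s). -->
                <cache-store-value key="backend-bearer-token" value="@((string)context.Variables["bearerToken"])" duration="3000" />
            </when>
        </choose>
        <!-- Override any caller-supplied header so the backend only sees the gateway's token. -->
        <set-header name="Authorization" exists-action="override">
            <value>@("Bearer " + (string)context.Variables["bearerToken"])</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Keep the client secret in a secret named value rather than in the policy text, and URL-encode it if it contains characters that are not safe in a form body.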
QUESTION
How to protect the APIs on a self-hosted gateway from unauthorized use with client certificates?
The documentation on this topic is too unclear for me:
Thanks.
...ANSWER
Answered 2021-Nov-02 at 07:55
- You can validate certificates presented by the connecting client and check certificate properties against desired values using policy expressions.
- For information about securing access to the back-end service of an API using client certificates, refer to How to secure back-end services using client certificate authentication.
- To receive and verify client certificates over HTTP/2 in the Developer, Basic, Standard, or Premium tiers you must turn on the "Negotiate client certificate" setting on the "Custom domains" blade.
- To receive and verify client certificates in the Consumption tier you must turn on the "Request client certificate" setting on the "Custom domains" blade.
- Policy to validate client certificates - Use the validate-client-certificate policy to validate one or more attributes of a client certificate.
- Certificate validation with context variables - You can also create policy expressions with the context variable to check client certificates.
  - Checking the issuer and subject
  - Checking the thumbprint
  - Checking a thumbprint against certificates uploaded to API Management.
For more detailed information please refer to secure APIs using client certificate authentication in API Management.
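The context-variable checks listed in this answer, written out as an inbound policy. This is an added example, not part of the original answer; the issuer and subject strings are placeholders to be replaced with the values of your own client certificates.

```xml
<inbound>
    <base />
    <choose>
        <!-- Added example. Reject when no certificate was presented, when it fails
             validation, or when issuer/subject differ from the expected placeholders. -->
        <when condition="@(context.Request.Certificate == null
            || !context.Request.Certificate.Verify()
            || context.Request.Certificate.Issuer != "CN=Example Issuing CA"
            || context.Request.Certificate.SubjectName.Name != "CN=example-client")">
            <return-response>
                <set-status code="403" reason="Invalid client certificate" />
            </return-response>
        </when>
        <!-- Reject when the thumbprint matches none of the certificates
             uploaded to API Management. -->
        <when condition="@(!context.Deployment.Certificates.Any(c => c.Value.Thumbprint == context.Request.Certificate.Thumbprint))">
            <return-response>
                <set-status code="403" reason="Invalid client certificate" />
            </return-response>
        </when>
    </choose>
</inbound>
```

The null check comes first so that a request without a certificate is rejected before any property of the certificate is read.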
QUESTION
This is probably a dumb question, but I just want to make sure with the below.
I am currently using the requests library in python. I am using this to call an external API hosted on Azure cloud.
If I use the requests library from a virtual machine, and the requests library sends to URL: https://api-management-example/run, does that mean my communication to this API, as well as the entire payload I send through is secure? I have seen in my Python site-packages in my virtual environment, there is a cacert.pem file. Do I need to update that at all? Do I need to do anything else on my end to ensure the communication is secure, or the fact that I am calling the HTTPS URL means it is secure?
Any information/guidance would be much appreciated.
Thanks,
...ANSWER
Answered 2021-Nov-21 at 05:42
POST requests are more secure because they can carry data in an encrypted form as a message body. Whereas GET requests append the parameters in the URL, which is also visible in the browser history, SSL/TLS and HTTPS connections encrypt the GET parameters as well. If you are not using HTTPS or SSL/TLS connections, then POST requests are the preference for security. A dictionary object can be used to send the data, as a key-value pair, as a second parameter to the post method.
The HTTPS protocol is safe provided you have a valid SSL certificate on your API. If you want to be extra safe, you can implement end-to-end encryption/cryptography. Basically converting your so-called plaintext to scrambled text, called ciphertext.
QUESTION
I am unable to get a dropdown menu to work in the API Management developer portal. There is very little documentation about this, but I have seen from GitHub questions that it is supposed to be able to have a dropdown menu in the top menu bar like in this link
I am unable to get this myself. I have created pages in the navigation menu that have subpages, and I tried to add a menu widget to the top bar with the root navigation item being the menu with subpages, but there are no options when editing the menu to select the list to be dropdown.
How can I get dropdown menus?
There are no "Submenu" or "Menu with Dropdown" widgets, the only other dropdown widgets I find are "List of APIs (dropdown)" and "List of products (dropdown)".
...ANSWER
Answered 2021-Nov-02 at 22:31
In the navigation structure you can create sub-menus by selecting a parent item and then clicking "Add navigation item" to add child items (also you can use arrow keys to make an existing item a subpage or promote it to parent level). After that, the Menu widget with "Horizontal" layout will display the dropdown when clicking on them. Menus with "Vertical" layout will form a tree of navigation items.
QUESTION
I'm trying to follow the Azure tutorial on how to get API Management under a vnet and accessible through an application gateway (WAF). I'm stuck trying to upload the root cert into application gateway. It says that the "Data for certificate is invalid", apparently Azure Application Gateway doesn't like Let's Encrypt certs.
My certs are:
- mydomain.com.br
- api.mydomain.com.br
- developer.mydomain.com.br
- managemnet.mydomain.com.br
I have used acme.sh to generate all certs:
...ANSWER
Answered 2021-Aug-30 at 21:17
Why do you want to add the Let's Encrypt root CA cert on your application gateway?
From my understanding the root CA from Let's Encrypt is ISRG Root X1 and this one should be already trusted by clients (browsers). You only want to add the root CA if you have self-signed certificates.
Here is a workflow with storing the certs in Azure Key Vault: https://techblog.buzyka.de/2021/02/make-lets-encrypt-certificates-love.html
Another Workflow here describes adding certs with ACME challenges: https://intelequia.com/blog/post/1012/automating-azure-application-gateway-ssl-certificate-renewals-with-let-s-encrypt-and-azure-automation
QUESTION
I am developing an Android app that doesn't require any login to use it. This app will call an endpoint on Azure API Management that I have created.
Is it possible to ensure that only that client (app) is able to call the API? I have tried this tutorial but it seems to require the users to authenticate on Active Directory.
...ANSWER
Answered 2021-Sep-24 at 14:06
If you're using OAuth and tokens to access your API you might want to have a look at the client credentials. It's a flow where the client (your app), authenticates and gets an access token, without any user interaction. In a mobile environment you will need to dynamically register each installation of your app, so that each app has its own secret. You can't use one secret and compile it into your code as anyone will be able to steal it. If DCR is too much for you, you can use some kind of proxy - have your app talk to a backend service, which in turn will talk to the OAuth server. Such a backend service can keep a secret and use it to obtain client credentials tokens.
QUESTION
I want to create an API Gateway Resource in Azure. I got links on how to create API management instance but that doesn't talk about creating a gateway.
...ANSWER
Answered 2021-Sep-14 at 04:09
Thank you Tom W and Amber Bhanarkar. Posting your suggestions as an answer to help other community members.
Go to your API Management instance
In the Azure portal, search for and select API Management services.
On the API Management services page, select your API Management instance.
Provision a self-hosted gateway
- Select the Gateways from under Deployment and infrastructure.
- Click + Add.
- Enter the Name and Region of the gateway.
- Optionally, enter a Description of the gateway resource.
- Optionally, select + under APIs to associate one or more APIs with this gateway resource and click Add.
Now the gateway resource has been provisioned in your API Management instance. You can proceed to deploy the gateway.
You can refer to Azure API Management and Application Gateway integration, Integrate API Management in an internal virtual network with Application Gateway, and Protect APIs with Application Gateway and API Management.
QUESTION
I'm doing some tests with Azure APIM and have already published an API on the developer portal. I have the docs, have it secured using OAuth2 with Azure AD with client_credentials flow. I can invoke this API from Postman and from the developer portal.
Unfortunately, the client_id and secret are set on the configuration and the developer cannot self-service them. Is there a way to do so instead of having to add it manually to each developer?
I was looking for something like this: https://tyk.io/docs/tyk-stack/tyk-developer-portal/portal-oauth-clients/
...ANSWER
Answered 2021-Aug-30 at 09:21
Azure APIM itself doesn't act as an identity provider like Tyk but instead uses Azure AD (or rather any OAuth 2.0 provider).
The configuration in the docs is primarily to get the Developer Portal Console (the one used to test APIs) to work. For the actual API calls, there is no configuration required.
The validate-jwt policy is what takes care of preauthorization of requests.
Since you are looking for the client credentials flow alone, you could simply expose a portal that can create the required app registrations on your Azure AD using the Microsoft Graph API and expose the client id/secret to your users.
The current developer portal doesn't support this as of today but is something you could contribute to if you wish.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported