Andrew Wilson's Blog

{ ... Plan - Architect - Develop - Reflect - Improve - Repeat ... }

Azure API Management | Function App Backend

Overview Following on from a previous set of posts from earlier this year where I detailed how to securely implement Logic App Standard backends in Azure API Management, there has been questions on how this would be achieved in a similar manner with Azure Function Apps. To read-up on how this was achieved with Standard Logic Apps have a look at the following: Azure API Management | Logic App (Standard) Backend Azure API Management | Logic App (Standard) Backend Using a Swagger Definition Easy Auth | Standard Logic App with Azure API Management At a high level comparison with Azure Logic Apps, Azure Functions are a developer-centric serverless compute offering allowing authors to write code in languages such as C#, Java, Javascript, Python, and PowerShell.

Easy Auth | Standard Logic App with Azure API Management

Overview The recent work that I have been doing with Standard Logic Apps and linking them as backends to Azure API Management has relied on the use of the Logic App Workflow SAS key for security. This is a valid authentication approach, but there are risks that you need to be aware of as well as best practices that you need to be abiding by. Such as: Some Potential Risks:

Azure API Management | Logic App (Standard) Backend Using a Swagger Definition

Overview After setting up a Logic App (Standard) Backend in Azure API Management (APIM) in my last post, I wanted to try and see if I could create a Swagger definition from a Standard Logic App which could then be used to simplify the API authoring process in APIM. This post shows my methods of doing so. If you haven’t already I would recommend reading my previous post as this one will be working off of the building blocks of the last.

Azure API Management | Logic App (Standard) Backend

Overview Updated [31/01/2024]: See New Post showing methods of linking a Logic App Standard as a Backend to APIM through a Swagger Definition. I have recently been reviewing the method in which a Logic App (Standard) workflow would be setup as an API in API Management. My aim is to overcome and simplify the limitation whereby directly importing a Logic App (Standard) workflow is not available, only in consumption. After some exploration I believe I have identified a configurable and secure method in setting up the front-to-backend routing as can be seen in the diagram below: The overall design aims to abstract the backend from the api operations, i.

Azure API Management | Unintentional Pass through of Subscription Key Header

Problem Space There is a potential unintentional side effect when you add a APIM subscription key as a header to an inbound request. The header is not stripped from the request prior to being sent to the configured backend service. Rather it is retained. If you manage the backing service and are not concerned with the disclosure of the subscription key, then no problem. However, being overly permissive of this information may make your API more vulnerable to security threats and disallows a separation of concerns.