APIUrl prefix not working with Azure APIM - azure-api-management

I have one Azure APIM which is mapped to an App Service where I have deployed web APIs (a separate API for each customer).
I have added an API URL prefix (customer name) in the APIM endpoint so that I can define endpoints based on the customer, as below.
APIM URL: http://demoapim.com
APIM URL prefix: customer name (cust1, cust2)
So now the URLs would be:
http://demoapim.com/cust1
http://demoapim.com/cust2
Web API endpoint: http://cutomerapi.com/details
When I try to access http://demoapim.com/cust2/details or http://demoapim.com/cust1/details,
it gives a 404, but http://demoapim.com/details works.
Please help me understand what I am missing here.

After understanding APIM, I have the following points; I hope they are helpful to you.
No matter how many APIM URL prefixes (cust1, cust2 and so on) you have set, the final access address is /cust1/details, and the route of this address is not recognized in the web app service. That is where the problem arises.
So I think the problem is not in the APIM service; what you should pay attention to is your web app service. You can rewrite the URL, or identify cust1 or cust2 in the access request and return the corresponding data.
URL rewrite example:
Your original URL:
http://demoapim.com/cust2-details
Final URL:
http://demoapim.com?cust=cust2&title=details
Using URL rewrite in the web app service will better meet your business needs.

Related

Azure APIM versioning changing the path

I am trying to create api and expose them via APIM. The path of the api that I expect is
baseUrl/v1/Product/Upload.
But when I try to use the versioning of APIM, I could only come up with something like
baseUrl/Product/v1/Upload, where Product is the API URL suffix.
Is there a way in APIM to change the order in which the version number is placed in the URL path?

Every API developer will have their own versioning requirements, so Azure API Management provides several options instead of a single approach to versioning. Path-based versioning is one of those options.
If you check the Path-based versioning section of the Microsoft documentation, you will find:
When the path versioning scheme is used, the version identifier needs to be included in the URL path for any API requests.
The format of an API request URL when using path-based versioning is as follows.
https://{yourDomain}/{apiName}/{versionIdentifier}/{operationId}
It is recommended to follow this format but if you want to modify it you can use the API Management transformation policies. The rewrite-uri policy converts a request URL from its public form to the form expected by the web service.
Read this Rewrite URL and Policy Expressions in Azure API Management document for more information.

create 2 different endpoints in azure APIM for same function app

I have a single Azure function app. I want to create 2 different API endpoints in Azure APIM. How can I do that?

According to some tests, it seems we can't implement the requirement by adding an operation in API Management, because it will show the error message "Operation with the same method and URL template already exists".
And if we use some other method, such as cloning the operation, it will also fail with a 404 error because the URL field will change and will not match the function URL.
So I think you can just add another API in your API Management to implement the requirement (as shown in the screenshot below).
The two APIM endpoints should be:
https://huryapim.azure-api.net/huryFun1/HttpTrigger1 and https://huryapim.azure-api.net/huryFun2/HttpTrigger1. Both of them request the same azure function url in backend.

how to get token from 1 api and pass the token to authentication of another api in azure api gateway

I have 2 APIs in Azure API gateway.
Generate a token from 1 API.
Use that token for authentication in another API.
How can I combine the above APIs into 1, or connect both in 1 flow?
Note: Both the APIs are on different servers.

If the backend URL is different, it's better to configure them as two APIs.
Please follow the steps below.
Create an Auth API and set the auth server as the backend URL.
Create your API which consumes it and set the backend URL.
Create a product which links these 2 APIs. (So the subscription key will be the same for both APIs.)
The user can call the auth URL and get the token.
Add it as a header to the next API.
If you only want to configure a single API, follow the steps below.
Create the API with the auth endpoint in it.
Use <set-backend-service/> for the auth URL to set the different backend server.
See more at https://learn.microsoft.com/en-us/azure/api-management/api-management-transformation-policies#SetBackendService
Create a product with a single API.
Here the url prefix will be same and functionality will be working as expected.

How to secure my api key?

I want to use the autocomplete API from my Android/iOS app. For this I need to call a URL like:
https://maps.googleapis.com/maps/api/place/autocomplete/json?input=paris&key=<myapikey>
The problem is: what can prevent someone else from extracting my API key from my app and using it for his own purposes? It's important because in the end it's me who will be billed by Google for the usage ...

Your intention is to call a Places API web service. Google Maps web services support only IP address restrictions.
You can check what type of restriction is supported by each API on the following page:
https://developers.google.com/maps/faq#keysystem
In order to protect an API key that is used with your sample request, you should create an intermediate server and send your requests from this server. So your application should send its request to the intermediate server, and the intermediate server should send the Places autocomplete request with the protected API key to Google and pass the response back to your app. In this case you can use the IP address of your intermediate server to protect against unauthorized access with your API key.
I hope this helps!

What if you create an intermediate server and create a token for each single user, and also create a monitoring service which blocks suspicious behavior?
For example, a normal user would request x times/per day || hour || ...
Or
when a user runs the application for the first time, the application receives the [encrypted api + decryption key] and stores them in a safe place like the keychain (for iOS).
As far as I know, if you send requests directly to google-map-api there is always a way to sniff packets.
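
The intermediate-server idea from the two answers above, sketched in Python as an added example (not code from the original posts): the app holds only a per-user token, and the server verifies it, applies a per-user quota and attaches the API key itself. The token format, quota values, environment variable names and function names are assumptions, and the upstream HTTP call is left out so the block runs offline.

```python
import hashlib
import hmac
import os
import time
from urllib.parse import urlencode

# Assumed setup: both secrets exist only in the server's environment.
PLACES_KEY = os.environ.get("PLACES_API_KEY", "constructed-placeholder-key")
TOKEN_SECRET = os.environ.get("TOKEN_SECRET", "constructed-demo-secret").encode()
UPSTREAM = "https://maps.googleapis.com/maps/api/place/autocomplete/json"
LIMIT, WINDOW = 3, 3600   # hypothetical quota: 3 calls per user per hour
_calls = {}               # user id -> timestamps of accepted calls


def _mac(user_id):
    return hmac.new(TOKEN_SECRET, user_id.encode(), hashlib.sha256).hexdigest()


def issue_token(user_id):
    """Per-user token given to the app after login: '<user id>.<HMAC>'."""
    return f"{user_id}.{_mac(user_id)}"


def verify_token(token):
    """Return the user id for a valid token, otherwise None."""
    user_id, _, mac = token.rpartition(".")
    # Compare as bytes so a non-ASCII forged value cannot raise TypeError.
    ok = bool(user_id) and hmac.compare_digest(mac.encode(), _mac(user_id).encode())
    return user_id if ok else None


def handle_autocomplete(token, text, now=None):
    """Return (status, upstream_url); the key is attached here, never on the device."""
    now = time.time() if now is None else now
    user_id = verify_token(token)
    if user_id is None:
        return 401, None
    recent = [t for t in _calls.get(user_id, []) if now - t < WINDOW]
    _calls[user_id] = recent
    if len(recent) >= LIMIT:
        return 429, None          # over quota: block and leave for monitoring
    recent.append(now)
    return 200, f"{UPSTREAM}?{urlencode({'input': text, 'key': PLACES_KEY})}"
```

A 429 for one token is the per-user signal the second answer's monitoring service would act on, and revoking that user does not require rotating the Google key.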

How to identify the Requests received in azure API management

We have a production issue where the order is submitted twice. Currently we have an API for orders and we are exposing this to clients using API Management, and in this we have policies for URL mapping for customer facing to actual .
Now, our actual API got 2 requests, so we thought the customer submitted twice, but they have confirmed that they have not submitted twice, so either there is an issue with API Management which fired 2 requests.
How can I identify the requests received by API Management?
Is there any chance that API Management will fire the request twice?
Appreciate any pointers.

The only way to fire a request twice in APIM would be by means of the Retry policy or manually using SendRequest. Otherwise it should be a client calling your API two times. Each request in APIM gets its own unique id, accessible in policies as context.RequestId; this is the main way to track and identify them. But these ids are produced inside APIM itself and thus are useful only if you're tracking a call from APIM into the backend.
Your best option now is to try to identify requests by client IP, method, URI, and time frame. APIM allows you to grab logs for certain periods of time (better if kept short) in JSON or CSV with the data I mentioned above. To do that, look into the byRequest report (https://learn.microsoft.com/en-us/rest/api/apimanagement/reports#ReportByRequest), grab the JSON/CSV and try to identify the calls of interest.
In the future you could look into onboarding your service to Azure Monitor (https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-use-azure-monitor) or Log Analytics; those provide an easier way to traverse logs.
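
The matching by client IP, method, URI and time frame described in the answer above, as an added Python example (not part of the original answer). The sample rows are constructed, and the field names are assumed to follow the byRequest export; adjust them to the columns in your own JSON/CSV.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows; field names are assumed to follow the byRequest export.
URL = "https://apim.example/orders/submit"
SAMPLE_ROWS = [
    {"requestId": "req-a1", "timestamp": "2024-01-10T09:15:02.120Z",
     "ipAddress": "203.0.113.7", "method": "POST", "url": URL},
    {"requestId": "req-a2", "timestamp": "2024-01-10T09:15:02.940Z",
     "ipAddress": "203.0.113.7", "method": "POST", "url": URL},
    {"requestId": "req-b1", "timestamp": "2024-01-10T09:15:03.500Z",
     "ipAddress": "198.51.100.20", "method": "POST", "url": URL},
    {"requestId": "req-a3", "timestamp": "2024-01-10T09:40:11.000Z",
     "ipAddress": "203.0.113.7", "method": "POST", "url": URL},
]


def _ts(row):
    return datetime.fromisoformat(row["timestamp"].replace("Z", "+00:00"))


def find_repeats(rows, window_seconds=5.0):
    """Return [(key, [requestId, ...])] for calls with the same client IP,
    method and URL that each arrive within window_seconds of the previous one."""
    groups = defaultdict(list)
    for row in rows:
        groups[(row["ipAddress"], row["method"], row["url"])].append(row)
    window, clusters = timedelta(seconds=window_seconds), []
    for key, items in groups.items():
        items.sort(key=_ts)
        run = [items[0]]
        for row in items[1:] + [None]:      # None flushes the last run
            if row is not None and _ts(row) - _ts(run[-1]) <= window:
                run.append(row)
                continue
            if len(run) > 1:
                clusters.append((key, [r["requestId"] for r in run]))
            run = [row]
    return clusters
```

Two different request ids in one cluster mean APIM itself received two separate calls from that client within the window.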