In this page, there are 2 roles supposed to be provided after the migration of the old "publisher portal" to the Azure portal (https://learn.microsoft.com/en-us/azure/api-management/api-management-role-based-access-control): APIM Service Editor and APIM Content Manager.
These roles are still not available (in West Europe), what is the roadmap, please?
The Service Editor role will be available after we migrate all the
admin UI from the existing publisher portal to the Azure portal. The
Content Manager role will be available after the publisher portal is
refactored to only contain functionality related to managing the
developer portal
There is no exact date for this. You can monitor the updates from the Azure update website.
Related
I have created a web application as a private developer for a friends company. All the code lives within my personal Azure Dev Ops portal and at present has a pipeline configured to build and a release configured to release to a web application within my Azure tenant.
How can I now create a new release pipeline so that the code will be published to the a web application within the companies official Azure tenant?
We have created an Azure subscription and a web application using my friends company office 365 account but I somehow need to grant access or authorise my personal Azure Devops portal to publish.
After a lot of searching and playing it would seem there are many many ways to do this. In the end I went down the route of adding my friends work account to my Azure DevOps project so that they could create a service connection by authorising with their Office 365 account.
Once done I gained access to the subscription when creating the release.
I'm doing some tests with Azure APIM and have already published an API on the developer portal. I have the docs, have it secured using OAuth2 with Azure AD with client_credentials flow. I can invoke this API from Postman and from the developer portal.
Unfortunatelly, the client_id and secret are set on the configuration and the developer cannot self service them. Is there a way to do so instead of having to add it manually to each developer?
I was looking for something like this: https://tyk.io/docs/tyk-stack/tyk-developer-portal/portal-oauth-clients/
Azure APIM itself doesn't act as an identity provider like tyk but instead uses Azure AD (or rather any OAuth 2.0 provider).
The configuration in the docs is primarily to get the Developer Portal Console (the one used to test APIs) to work. For the actual API calls, there is no configuration required.
The validate-jwt policy is what takes care of preauthorization of requests.
Since you are looking for the client credentials flow alone, you could simply expose a portal that can create the required app registrations on your Azure AD using the Microsoft Graph API and expose the client id/secret to your users.
The current developer portal doesn't support this as of today but is something you could contribute to if you wish.
We have several instance of APIM created a few months ago. Earlier this month we found a new developer portal. The new developer portal works fine for some of our APIM instance. However some of them have an internal VNET setup. So we configured custom domain for Gateway, New developer portal and Direct management. However, if I go the new developer portal it never loads correctly. It tries to access some endpoint of direct management and get request time out.
From the documentation:
If your API Management service is in an internal VNet, your developer
portal is only accessible from within the network. The management
endpoint's host name must resolve to the internal VIP of the service
from the machine you use to access the portal's administrative
interface. Make sure the management endpoint is registered in the DNS.
In case of misconfiguration, you will see an error: Unable to start the portal. See if settings are specified correctly in the configuration (...).
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-developer-portal#do-i-need-to-enable-additional-vnet-connectivity-for-the-new-managed-portal-dependencies
How to access APIM developer portal from internet when APIM is kept internal?
I checked some Microsoft document but did not get it how to do it.
You can Integrate API Management in an internal VNET with Application Gateway.
Combining API Management provisioned in an internal VNET with the Application Gateway frontend enables the following scenarios:
Use the same API Management resource for consumption by both internal
consumers and external consumers.
Use a single API Management resource and have a subset of APIs
defined in API Management available for external consumers.
Provide a turn-key way to switch access to API Management from the
public Internet on and off.
Follow this link for more information : https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway
Does anyone have any experience using the REST API reference for Windows Store for Business (https://msdn.microsoft.com/en-us/library/windows/hardware/mt608306(v=vs.85).aspx)?
I'm trying to use it to but having authorization issues. Does anyone know what needs to be passed over for authorization when using the api?
Then Store for Business service reply on Azure Directory for authentication. The management toll must be registered as an Azure AD application within an organization tenant to authenticate against the Store for business. About configuring your Azure AD application you could refer to this document.
To learn more about Azure Ad and how to register your application within Azure Ad, here are some topics to get your started:
• Adding an application to Azure Active Directory - Azure Active Directory integration with MDM
• Accessing other Web applications and configuring your application to access other APIs - Integrating Applications with Azure Active Directory
• Authenticating to the Store for Business services via Azure AD - Authentication Scenarios for Azure Active Directory