API Management Groups

Azure API Management supports the concept of User Groups to manage the visibility of Products to users. They are somewhat interesting, in that it is not obvious how to leverage them right away. As the documentation states, there are 3 built-in, system groups: Administrators Developers Guests (anonymous, unathenticated users) These...

Azure API Management - Changing the Subscription Key header or query string names

By default, there are two ways a consumer can specify the Subscription Key on a call to API Management: Using the Ocp-Apim-Subscription-Key HTTP header Using the subscription-key query string value in the URL These are just the default names for both. While they can be customized, it can be non-obvious...

ARM Extensions for Visual Studio Code

I’ve mentioned before that Visual Studio Code has been my tool of choice lately for writing Azure Resource Manager (ARM) templates. I’d like to mention some reasons I’ve found this a great combination: VSCode is far more lightweight than the full Visual Studio. I’ve always found the deployment experience for...

Azure API Management - Getting Query String Values in set-body

Ran a question recently that was a bit tricky to solve with Azure API Management: How do you get a value passed in the URL Query String to your API operation from a policy in a <set-body> statement? For example, let’s assume that the query string value we want is...

Azure API Management - SOAP-to-REST date/time handling

I’ve been spending some time recently helping customers getting started with Azure API Management, and recently ran into a small issue with the SOAP-to-REST feature that might trip others. The issue in question came up because the request message on the SOAP service had a field of type xsd:dateTime. When...

Using Azure AD B2C with API Management

In a previous post, I discussed how to setup OAuth2 authorization in API Management using Azure Active Directory. This time I’d like to show something very similar, but using Azure AD B2C instead. Once again, I’ll assume you already have an API implemented and configured in API Management. I’ll use...

Protecting APIs with OpenId Connect in API Management

In my last post, I outlined a customer scenario for protecting an API through OAuth2 in Azure API Management. I mentioned in it that I had been unsuccessful at using OpenId Connect, rather than raw OAuth2. After some more testing, and some help, I was able to get this working,...

Protecting APIs with OAuth2 in API Management

I’ve been playing a lot lately with Azure API Management. Recently, a customer asked me about the following scenario: They wanted to expose a Web API through API Management API Management should enforce and validate that an OAuth2 token was provided by the caller The underlying API did not know...

Decoding Application Gateway Certificates

Recently, I wanted to write a PowerShell script that would check expiration on the certificates assigned for SSL/TLS on Azure Application Gateway resources. Obtaining the certificates is easy through the SslCertificates property of the Application Gateway instance. However, it took me a while to figure out how to actually extract...

Logic Apps KeyVault Connector - Part 3

This is part 3 of my series of articles on implementing a custom Logic Apps connector. Read part 1 and part 2. By this point, I’ve implemented and deployed the WebApi application that implements the custom connector, and configured the necessary applications and permissions in Azure Active Directory. It’s time...