Winterdom

Yesterday I ran into an interesting scenario with Azure API Management. A customer had a production API Management service instance, on which they had a subscription to a product that was used by a mobile application. Somehow, the subscription got deleted, which immediately broke the client application, as it could...

A while ago, I wrote a post about enabling authentication to Azure SQL Database using delegated token credentials. A kind reader reported the following issue: I am currently not able to see the Azure SQL Database API in the list of API’s from the Azure AD App that I have...

Azure API Management supports the concept of User Groups to manage the visibility of Products to users. They are somewhat interesting, in that it is not obvious how to leverage them right away. As the documentation states, there are 3 built-in, system groups: Administrators Developers Guests (anonymous, unathenticated users) These...

By default, there are two ways a consumer can specify the Subscription Key on a call to API Management: Using the Ocp-Apim-Subscription-Key HTTP header Using the subscription-key query string value in the URL These are just the default names for both. While they can be customized, it can be non-obvious...

I’ve mentioned before that Visual Studio Code has been my tool of choice lately for writing Azure Resource Manager (ARM) templates. I’d like to mention some reasons I’ve found this a great combination: VSCode is far more lightweight than the full Visual Studio. I’ve always found the deployment experience for...

Ran a question recently that was a bit tricky to solve with Azure API Management: How do you get a value passed in the URL Query String to your API operation from a policy in a <set-body> statement? For example, let’s assume that the query string value we want is...

I’ve been spending some time recently helping customers getting started with Azure API Management, and recently ran into a small issue with the SOAP-to-REST feature that might trip others. The issue in question came up because the request message on the SOAP service had a field of type xsd:dateTime. When...

In a previous post, I discussed how to setup OAuth2 authorization in API Management using Azure Active Directory. This time I’d like to show something very similar, but using Azure AD B2C instead. Once again, I’ll assume you already have an API implemented and configured in API Management. I’ll use...

In my last post, I outlined a customer scenario for protecting an API through OAuth2 in Azure API Management. I mentioned in it that I had been unsuccessful at using OpenId Connect, rather than raw OAuth2. After some more testing, and some help, I was able to get this working,...

I’ve been playing a lot lately with Azure API Management. Recently, a customer asked me about the following scenario: They wanted to expose a Web API through API Management API Management should enforce and validate that an OAuth2 token was provided by the caller The underlying API did not know...