For things like this Azure API Management was introduce. Using this service we can publish our application to our clients (public or private way) in a scalable, secure with tracing and audit capabilities.
It has the capability to monitor in real time the load, the number of connections and many more. In this way we can take decision in real time to scale. The audit can be consumed later on by an analytic system and detect patterns or make predictions.
Connect with multiple backends
We have the capability to connect multiple services using only one API endpoint. In this way we can expose our services in a consistent and uniform way.
We have the capability to generate a friendly and usable documentation for each functionality that we expose. In this way our API can be integrated more easily with external services.
JSON and RESTful
The API that is expose is exposed using RESTfull standards JSON format. Even if our backend is using old technology we can expose it using the modern one with minimal costs.
The resources consumed by our system can scale up or down based on our needs. In this way we don’t have a system limited to a specific number of users.
Azure API Management has caching capabilities. This mean that we can cache the response of different services for a specific time period, reducing the load on our backend.
There is full and configurable control on the number of requests that each client can do. Using this approach we can control when clients do more calls that they are allowed. On top of this we can limit the rate frequents of calls and responses.
Using the monitoring part of Azure API Management we can know the number of errors, use cases when this error appeared. Fixing issues and finding root cause is simplified.
We have full control related to persons who has access to our API. One or more operations are grouped in a so called ‘product’. We can allow to different clients to use the operations that are exposed over a product.
Each client (client developer) has a subscription key that is used to access our API.
We can control at a very small granular level who has access to our API, for what period and what kind of operations can be called.
Client subscription key
We don’t need to send to each client the subscription key. Once a client has access as client developer to our API he can access a small part of our management portal and manage his subscription key.
There is full support for API that can be accessed by anonymous users. This users are allowed only to see the API (Read Only) without the ability to access it.
It allow us to create groups of users with different rights and permissions.
OAuth 2.0 and Certificates
There is full support for authentication using OAuth 2.0 protocol or based on certificates. In this way the service is flexible enough to support any kind of needs and requests.
It is the scaling unit of Azure API Management.
- One Standard Unit can handle 1K requests per second and can goes to even 2.8K requests per second.
- Latency between 1 to 15ms.
Applicable Use Cases
Below you can find some use cases when I would use Azure API Management.
API for clients that needs to pay a subscription
For use cases when clients pay the access to our API, Azure API Management can be used with success to control the access and measure how much resources each client consume.
Expose legacy system to the modern world
If we have legacy systems that works very good and we want to expose it in a modern way, that this could be a good solution for us.
Pros and Cons
- Easy to manage
- Low Latency
When you need to calculate the cost of Azure API Management you should take into account the following:
- Number of calls per day
- Data transfer
- Cache size