Azure API Management Flashcards

1
Q

API Management

What are the possible tiers (SKUs) and their associated costs?

A
Developer at 33,75$ p/m
Basic at 103,21$ p/m
Standard at 481,66$ p/m
Premium at 1961,76$ p/m
Consumption (Premium)
2
Q

What is API Management?

A

APIM helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services. Businesses everywhere are looking to extend their operations as a digital platform, creating new channels, finding new customers and driving deeper engagement with existing ones.

API Management provides the core competencies to ensure a successful API program through developer engagement, business insights, analytics, security, and protection. You can use Azure API Management to take any backend and launch a full-fledged API program based on it.

It is basically a Gateway for Integration to various services and users.

3
Q

API Management

When a user or company connects to the API Management service…

A

They obtain a subscription. This subscription is used to help manage incoming requests.

4
Q

Once you have ingested these APIs you can create…

A

different products

5
Q

Azure API Management offers a flexible way to…

A

version, test and publish APIs to internal and external users

6
Q

Benefits of Azure API Management

A
Freedom of language of choice
Scalable
Limited access or number of calls
Offload security
Insights for performance and troubleshooting
7
Q

What is Postman?

A

Allows you to share APIs, orchestrate API requests and troubleshoot issues

8
Q

Reorder these:
Create GetSession Request with Subscription Key in Postman
Capture Subscription Key
Import XXXX API from publisher
Create API Management Service in Azure Portal
Create a user in Portal
Test call to Get Session in Azure Portal

A
  1. Create API Management Service in Azure Portal
  2. Import XXXX API from publisher
  3. Capture Subscription Key
  4. Create a user in Portal
  5. Test call to Get Session in Azure Portal
  6. Create GetSession Request with Subscription Key in Postman
9
Q

What authentication services can be used to access the API?

A
Azure AD
Azure B2C
Facebook
Google
Microsoft
Twitter
10
Q

APIM has some features to help secure APIs using…

A

OpenID Connect or OAuth 2.0

11
Q

What is OAuth?

A

A user can obtain a token which they give to an app to use as proof of identity. This token is called a Bearer token.

12
Q

What’s an authorization code flow?

A

An authorization code flow is when a client obtains a user’s approval and gets an authorization code that can be exchanged for an access token which is used to gain access to privileged resources.

13
Q

What are the eight steps in the OAuth flow for the authorization process?

A

  1. The process will be initiated by the user trying to get into a client application.
  2. The client will redirect the user to an authorization server that they trust.
  3. The user will log into the authorization server with their username and password.
  4. The authorization server will validate the user’s credentials and redirect them to the client application, to the reply or callback URL, with an authorization token.
  5. The browser hands the authorization token to the client application.
  6. The client application will send the authorization token to the authorization server, to the token endpoint, and get an access token. It will also gain a refresh token.
  7. The application will submit the access token to the resource server.
  8. The resource server will validate the access token and will allow the client application access to the resource.

14
Q

What are API policies and their uses?

A

A key strength of APIM is that it allows you to apply policies to change the behavior of the API. The policies can be applied on different attributes, like the subscription or data types returned and much more. The policies allow publishers to control or manipulate the requests or the various data at different stages.

Securing your API by requiring an OAuth token
Converting XML to JSON or JSON to XML
Rate limiting the number of requests based on the specific subscription
Changing header values and callback URLs

15
Q

How can I delete specific header data or URL coming back from the API call?

A

By modifying the outbound policy at the relevant scope (Global / Product / API / Operation)

16
Q

Can we implement a policy to change a specific operation in an API call (maybe modifying the type of code delivered from JSON to XML)?

A

Yes, by using an Operation API Policy

17
Q

How can we deploy a policy to validate the inbound token?

A

By using an inbound policy that specifies the validation method and the values that need to be met

18
Q

How can we access all the implemented policies in one view?

A

Using the Effective policy view

19
Q

How can I decode the token to validate what is being sent?

A

Using the JWT decoder (jwt.io)

20
Q

How can we test the API Calls and Policies?

A

By using the Postman application to see what is being sent and which tokens are considered

21
Q

What is a token comprised of?

A

Header, Payload and Signature