API Management – Matt Ruma

Adventures in Azure API Management: Pay Attention to Order in Policies

Posted on October 28, 2020October 28, 2020 by Matt Ruma

I was trying to secure an Azure API Management (APIM) APIs with OAuth 2.0 and Azure AD per Protect API backend in API Management using OAuth 2.0 and Azure AD – Azure API Management | Microsoft Docs. My APIM managed API calls a back-end .NET Core API secured with Managed Identity. In my policy, which…

Adventures with Azure API Management: Add JSON Property in Set-Body

Posted on June 3, 2020June 3, 2020 by Matt Ruma

I have a policy on all my operations in Azure API Management to validate a JWT Token and extract the sub Claim, which I store in a userId variable that can be used in other policies. I have an operation called Organization Add that calls an Azure Function to add an organization to the database….

Adventures with Azure API Management: Shared Headers and Postman

Posted on June 1, 2020May 4, 2021 by Matt Ruma

I use Postman for testing my API calls to Azure API Management. In each of my requests I need to pass a Ocp-Apim-Subscription-Key header. In this header I provide my subscription key for my API provided by Azure API Management. Normally I would do this for each request. What if I need to change the…

Adventures in Azure: Curbside Pickup Sample App

Posted on May 19, 2020May 29, 2020 by Matt Ruma

With all that is going on with COVID-19 and the impact that it is having on retailers, I took a couple of days and wrote a curb-side app that would allow customers to notify a retailer, or any vendor for that matter, that they had arrived to pick-up their order. Please note, this is an…

Adventures with Azure: Security, Azure App Services and Azure API Management

Posted on April 14, 2020April 14, 2020 by Matt Ruma

In previous article we looked at how to secure an Azure Function with Azure API Management, in an effort to only allow resources within the Azure tenant access. Could the same thing be done with a Web Api hosted in App Services? Surprisingly, it was just as easy to implement. You setup Express Auth through…

Older posts →