When building cloud solutions and web applications, it is common to use APIs – specific types of apps that only return data in JSON or XML. This data is then used by a consuming application, a desktop application, a mobile application, or even a website.
APIs can be used internally or to expose your data to external customers or partners.
An example would be a distribution organization that supplies products to resellers, and therefore needs to provide details of those products and up-to-date pricing and stock levels.
The reseller would use that feed on their website or mobile app to display products to their customers.
In such a scenario, the distribution company can expose its products via an API. However, they need to ensure they only provide details to registered resellers, and each reseller may have their own pricing bands.
The data provider will also use other APIs for internal use only. Each system that provides all these APIs may be hosted across platforms and may even be built using different technologies and formats.
Azure API Gateway is a service that helps address all these issues and more. Azure API Gateway provides a façade that can front multiple APIs and expose them as a single service or set of APIs, as you can see in the following diagram:
Figure 11.2 – Combining APIs behind Azure API Gateway
Azure API Gateway also provides the following features:
- API documentation: Automatically generates OpenAPI standards documentation that enables consuming developers to understand how to use your APIs.
- Rate limiting: Controls how much data can be retrieved in any one call. This is useful if a consumer could inadvertently request large amounts of data.
- Health monitoring: Logs and searches for issues generated by your APIs.
- Format exchange: APIs can expose data in a range of formats, for example, XML or CSV. Azure API Gateway can convert these to JSON to provide a consistent data format.
- Combine APIs: APIs can be combined from multiple locations into a single set.
- Analytics: Gains insights into your APIs as they are consumed to see how often they are being used and their source systems.
- Security: Wraps security around your APIs using OAuth 2.0 and Azure Active Directory (AD) integration.
When creating an API gateway and choosing pricing plans, however, each plan supports a different set of features:
- Developer: Primarily used for development and evaluation purposes. The Developer plan supports most features except for multi-region deployment. It has no Service Level Agreement (SLA) and is restricted to 500 requests a second.
- Basic: Entry-level but production use cases. 99.9% SLA and low scalability. It supports 1,000 requests per second but doesn’t offer VNet Integration, Azure AD integration, or multi-region deployments.
- Standard: Standard use with a 99.9% SLA and supports 2,500 requests per second. Standard is easier to scale but doesn’t support VNets or multi-region deployments, although it does offer Azure AD integration for identity support.
- Premium: High-volume production use with a 99.95% SLA. It supports 4,000 requests per second, is scalable, and supports all features such as multi-region deployments.
- Consumption: A serverless offering whereby there are no limits imposed and you pay for what you use (for example, per million calls). Consumption plans are ideal for lightweight or intermittent use and offer 99.95% SLA. However, it does not support Azure AD integration, VNet Integration, or multi-region deployments.
As you can see, choosing the correct pricing tier depends on the features you need to access. For example, if you have APIs running on internal VNets or enforce internal communication over VNets, only the Premium and Developer plans support this.
Once you have decided which plan will meet your needs, you must consider how to secure your APIs. The first step in this process is to implement policies.
Leave a Reply