← Return To Home

Azure API Management Overview

API Management (APIM) helps organizations publish APIs to external, partner, and internal developers to unlock the potential of their data and services. API Management provides the core competencies to ensure a successful API program through developer engagement, business insights, analytics, security, and protection.

This blog will cover the key concepts about Azure API Management followed by monitoring them in various perspectives using Serverless360.

API Management Products

Products are how APIs are surfaced to developers. Products in APIM will have one or more APIs and are configured with a title, description, and terms of use. Products can be Open or Protected.

Protected products must be subscribed to before they can be used, while open products can be used without a subscription.

When subscribed, users get a subscription key that is good for any API in that product. Subscription approval is configured at the product level and can either require administrator approval or be auto-approved.

API Management APIs

Each API contains a reference to the back-end service that implements the API, and its operations map to the operations implemented by the back-end service.

API Management Operations

Each API represents a set of operations available to developers. Operations in APIs map to the operations implemented by the back-end service. Operations in APIM are highly configurable, with control over URL mapping, query and path parameters, request and response content, and operation response caching. Rate limits, quotas, and IP restriction policies can also be implemented at the API or individual operation level.

Groups

Groups are used to manage the visibility of products to developers. APIM has the following immutable system groups:

  • Administrators– Azure subscription administrators are members of this group. Administrators manage API Management service instances, creating the APIs, operations, and products that are used by developers.
  • Developers– Authenticated developer portal users fall into this group. Developers are the customers that build applications using your APIs. Developers are granted access to the developer portal and build applications that call the operations of an API.
  • Guests– Unauthenticated developer portal users, such as prospective customers visiting the developer portal of an API Management instance fall into this group. They can be granted certain read-only access, such as the ability to view APIs but not call them.

Developers

Developers represent the user accounts in an API Management service instance. Developers can be created or invited to join by administrators, or they can sign up from the Developer portal. Each developer is a member of one or more groups and can subscribe to the products that grant visibility to those groups.

Policies

Policies are a powerful capability of API Management that allows the Azure portal to change the behavior of the API through configuration.

Policies are a collection of statements that are executed sequentially on the request or response of an API.

Popular statements include format conversion from XML to JSON and call rate limiting to restrict the number of incoming calls from a developer, and many other policies are available.

Developer portal

The developer portal is where developers can learn about your APIs, view and call operations, and subscribe to products. Prospective customers can visit the developer portal, view APIs and operations, and sign up. The URL for your developer portal is located on the dashboard in the Azure portal for your API Management service instance.

Why should API Management be monitored?

API Management Products: Developers would build business solutions consuming APIs in a Product. As their business depends on these APIM Products it becomes necessary to monitor the same.

API Management APIs: When APIs include the critical business logic in the solution, there is a necessity to evaluate the reliability, efficiency, performance of the API Management APIs.

API Management Operations: Operations solve several businesses ‘ demands which makes it necessary to have an eye on their efficiency, reliability, and consumption.

Serverless360 Monitoring for API Management

When an APIM is associated to a Serverless360 Composite Application, it is possible to monitor the APIM in various perspectives using the monitors in Serverless360.

State-Based Monitoring

The state of the APIM can be monitored using Serverless360 Status Monitor or Threshold Monitor. Configure Status or Threshold Monitor on the desired state to meet the monitoring requirements.

Metrics Based Monitoring

The efficiency, reliability or consumption of the APIM can be monitored using Serverless360 Data Monitor. Data Monitoring can be configured for an APIM on an extensive set of metrics. Configure data monitor on desired metrics with appropriate warning and error threshold values to meet the monitoring requirement.

The extensive set of Metrics on which APIM can be monitored are:

  • Successful Requests
  • Unauthorized Requests
  • Failed Requests
  • Other Requests
  • Total Requests
  • Data Transfer 
  • Cache Hits
  • Cache Misses
  • Average Response Time
  • Minimum Response Time
  • Maximum Response Time 
  • Average Service Response Time
  • Minimum Service Response Time 
  • Maximum Service Response Time 

APIM Product can be monitored using both Metrics Based Monitoring (Data Monitor) and State-Based Monitoring (Status or Threshold Monitor)

APIM APIs can be monitored using Metrics Based Monitoring (Data Monitor)

APIM Operation can be monitored using Metrics Based Monitoring (Data Monitor)

APIM Product: State-Based Monitoring

When a product is ready for use by developers, it can be published. Once it is published, it can be viewed by developers (it becomes publicly accessible to the developers with the subscription key). Changing the state of the published APIM to not published will make the APIs unavailable for those using the APIs in that Product. In such scenarios monitoring the state of the APIM becomes crucial.

APIM Product State

By associating APIM to a Status Monitor or Threshold Monitor, it is possible to monitor the state and get alerted through configured notification channels by comparing the current state against the expected state.

APIM Product: Metrics Based Monitoring

Data Monitoring can be configured for an APIM Product on an extensive set of metrics.

If the requirement is to monitor the number of requests to the product and maximum response time. Configure a data monitor with Total Requests and Maximum Response Time being monitored against appropriate warning and error threshold values.

APIM Product Data

APIM APIs: Metrics Based Monitoring

Data Monitoring can be configured for an APIM API on an extensive set of metrics.

If the requirement is to measure the reliability configure monitor on the number of failed requests. To evaluate performance the choice should be average response time metric of the API. Configure data monitor on desired metrics with appropriate warning and error threshold values to meet the monitoring requirement.

APIM API Data

APIM Operation: Metrics Based Monitoring

Data Monitoring can be configured for an APIM Operation on its extensive set of metrics.

For example, to monitor the bandwidth utilization of the APIM Operation, configure data monitor on its metric Data Transfer with appropriate warning and error threshold values.

APIM Operation Data

Conclusion

Use API Management to publish APIs to external, partner, and employee developers securely and at scale. Explore how Serverless Applications containing Azure API Management can be monitored using Serverless360 here.

Author: Pavithra Rajendran

Pavithra is a Jr. Software Engineer at Kovai.co. She loves working with C# and SQL. She is passionate about writing articles on Serverless technologies.