Skip to main content

Azure API Management (Day 24 of 31)

List of all posts from this series:

Short Description 
Nowadays all features and functionality that is exposed by an online application needs to be exposed over an API also. We need to be able to integrate our system with custom devices and applications. Because of this it is important to be able to expose our system using a consistent API, easy to manage and maintain.
For things like this Azure API Management was introduce. Using this service we can publish our application to our clients (public or private way) in a scalable, secure with tracing and audit capabilities.

Main Features 
It has the capability to monitor in real time the load, the number of connections and many more. In this way we can take decision in real time to scale. The audit can be consumed later on by an analytic system and detect patterns or make predictions.
Connect with multiple backends
We have the capability to connect multiple services using only one API endpoint. In this way we can expose our services in a consistent and uniform way.
API Documentation
We have the capability to generate a friendly and usable documentation for each functionality that we expose. In this way our API can be integrated more easily with external services.
JSON and RESTful
The API that is expose is exposed using RESTfull standards JSON format. Even if our backend is using old technology we can expose it using the modern one with minimal costs.
The resources consumed by our system can scale up or down based on our needs. In this way we don’t have a system limited to a specific number of users.
Azure API Management has caching capabilities. This mean that we can cache the response of different services for a specific time period, reducing the load on our backend.
Load limit
There is full and configurable control on the number of requests that each client can do. Using this approach we can control when clients do more calls that they are allowed. On top of this we can limit the rate frequents of calls and responses.
Error Rate
Using the monitoring part of Azure API Management we can know the number of errors, use cases when this error appeared. Fixing issues and finding root cause is simplified.
Access Control
We have full control related to persons who has access to our API. One or more operations are grouped in a so called ‘product’. We can allow to different clients to use the operations that are exposed over a product.
Each client (client developer) has a subscription key that is used to access our API.
Access Management
We can control at a very small granular level who has access to our API, for what period and what kind of operations can be called.
Client subscription key
We don’t need to send to each client the subscription key. Once a client has access as client developer to our API he can access a small part of our management portal and manage his subscription key.
There is full support for API that can be accessed by anonymous users. This users are allowed only to see the API (Read Only) without the ability to access it.
Group Management
It allow us to create groups of users with different rights and permissions.
OAuth 2.0 and Certificates
There is full support for authentication using OAuth 2.0 protocol or based on certificates. In this way the service is flexible enough to support any kind of needs and requests.
Standard Unit
It is the scaling unit of Azure API Management.


  • One Standard Unit can handle 1K requests per second and can goes to even 2.8K requests per second.
  • Latency between 1 to 15ms.

Applicable Use Cases 
Below you can find some use cases when I would use Azure API Management.
API for clients that needs to pay a subscription
For use cases when clients pay the access to our API, Azure API Management can be used with success to control the access and measure how much resources each client consume.
Expose legacy system to the modern world
If we have legacy systems that works very good and we want to expose it in a modern way, that this could be a good solution for us.

Code Sample 

Pros and Cons 

  • Scalable
  • Secure
  • Easy to manage
  • Low Latency


When you need to calculate the cost of Azure API Management you should take into account the following:

  • Number of calls per day
  • Data transfer
  • Cache size

In conclusion we can say that Azure API Management it’s very useful when we want to expose in a consistent and secure way our API and functionality. You should reserve 1 hours and look over this interesting services.


Popular posts from this blog

ADO.NET provider with invariant name 'System.Data.SqlClient' could not be loaded

Today blog post will be started with the following error when running DB tests on the CI machine:
threw exception: System.InvalidOperationException: The Entity Framework provider type 'System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer' registered in the application config file for the ADO.NET provider with invariant name 'System.Data.SqlClient' could not be loaded. Make sure that the assembly-qualified name is used and that the assembly is available to the running application. See for more information. at System.Data.Entity.Infrastructure.DependencyResolution.ProviderServicesFactory.GetInstance(String providerTypeName, String providerInvariantName) This error happened only on the Continuous Integration machine. On the devs machines, everything has fine. The classic problem – on my machine it’s working. The CI has the following configuration:

TeamCity.NET 4.51EF 6.0.2VS2013
It seems that there …

GET call of REST API that contains '/'-slash character in the value of a parameter

Let’s assume that we have the following scenario: I have a public HTTP endpoint and I need to post some content using GET command. One of the parameters contains special characters like “\” and “/”. If the endpoint is an ApiController than you may have problems if you encode the parameter using the http encoder.
using (var httpClient = new HttpClient()) { httpClient.BaseAddress = baseUrl; Task<HttpResponseMessage> response = httpClient.GetAsync(string.Format("api/foo/{0}", "qwert/qwerqwer"))); response.Wait(); response.Result.EnsureSuccessStatusCode(); } One possible solution would be to encode the query parameter using UrlTokenEncode method of HttpServerUtility class and GetBytes method ofUTF8. In this way you would get the array of bytes of the parameter and encode them as a url token.
The following code show to you how you could write the encode and decode methods.

Entity Framework (EF) TransactionScope vs Database.BeginTransaction

In today blog post we will talk a little about a new feature that is available on EF6+ related to Transactions.
Until now, when we had to use transaction we used ‘TransactionScope’. It works great and I would say that is something that is now in our blood.
using (var scope = new TransactionScope(TransactionScopeOption.Required)) { using (SqlConnection conn = new SqlConnection("...")) { conn.Open(); SqlCommand sqlCommand = new SqlCommand(); sqlCommand.Connection = conn; sqlCommand.CommandText = ... sqlCommand.ExecuteNonQuery(); ... } scope.Complete(); } Starting with EF6.0 we have a new way to work with transactions. The new approach is based on Database.BeginTransaction(), Database.Rollback(), Database.Commit(). Yes, no more TransactionScope.
In the followi…