Azure API Management is one of the most popular resources available in Azure. In today's post, I'd like to present a simple way to manage APIs effectively and to offer OAuth 2.0 authorization to the users of our APIs.
GitHub repository with the solution: click here
Prerequisites post: https://www.skycloudnest.com/post/azure-use-cases-prerequisites
Preparations
In addition to the prerequisites mentioned earlier, we must also grant our deployment service principal the API permission shown in the image below. This permission allows the service principal to create objects in Entra ID. I am also attaching the Terraform documentation for azuread_application.
APIM Deployment
First, the APIM resource needs to be deployed. I have developed a Terraform module specifically for this task, and it creates an app registration as standard. This setup lets us secure access to our APIs with OAuth 2.0.
Be patient, as creating this resource can take up to 40 minutes. In addition, an application registration will be created in Azure Entra ID. The next step is to generate a client secret, which we will use to obtain the access token:
Let's save the client secret and the client ID of that app registration; we will need them later.
APIM API deployment
As you know, this resource is essential for managing incoming and outgoing traffic for various services. As an example, we will set up a logic app with an HTTP trigger and then deploy a new endpoint for it in APIM.
Here is the implementation of inbound_api.tf, which deploys a new API to the APIM instance and configures the logic app as its backend.
Once our pipeline has finished, we should find the new endpoint in the Azure API Management service.
We can also verify the inbound policies, where token validation is enforced: a request without a valid token receives a 401 HTTP response.
Postman verification
To verify that our API and its endpoints can be accessed only with OAuth 2.0 authorization, we create a new request to our endpoint in Postman and configure the authorization. The following values need to be filled in:
How to fill the data
Access Token URL -> https://login.microsoftonline.com/{Your_tenant_id}/oauth2/v2.0/token
Client ID -> the client ID of the app registration
Client Secret -> the client secret generated earlier
Scope -> api://{azure_api_management_sample_api.application_name}/.default
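To make the two halves of this check concrete, here is an added example (my own code, not from the post's repository) that first assembles the client-credentials token request Postman sends for the fields above, and then reproduces the checks the inbound policy performs before it lets a request through: bearer header present, pinned algorithm, valid signature, expected issuer and audience, and not expired. Entra ID signs tokens with RS256 keys published at its OpenID Connect metadata endpoint; this example substitutes a constructed HS256 key so it runs offline. The tenant ID, client ID, secret and App ID URI are constructed placeholders.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time
from urllib.parse import urlencode

# Constructed placeholder values (not a real tenant, app registration or secret).
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
CLIENT_SECRET = "constructed-client-secret"
APP_ID_URI = "api://azure_api_management_sample_api"  # audience the policy expects
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"

# Constructed symmetric key standing in for Entra ID's RS256 signing keys.
SIGNING_KEY = b"constructed-signing-key"


def build_token_request(client_id, client_secret, app_id_uri):
    """Return (url, form_body) for the client-credentials grant, i.e. what
    Postman posts for the Access Token URL / Client ID / Client Secret / Scope fields."""
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"{app_id_uri}/.default",
    })
    return TOKEN_URL, body


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes = SIGNING_KEY) -> str:
    """Issue a compact JWT (header.payload.signature) for test purposes."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(claims)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def validate_jwt(authorization_header, audience, issuer, key=SIGNING_KEY, now=None):
    """Mirror what the APIM inbound validate-jwt policy enforces.
    Returns (status_code, reason): (200, "ok") or (401, <why it was rejected>)."""
    now = time.time() if now is None else now
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return 401, "missing bearer token"
    parts = authorization_header[len("Bearer "):].split(".")
    if len(parts) != 3:
        return 401, "malformed token"
    head_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(head_b64))
        claims = json.loads(_b64url_decode(body_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, binascii.Error):
        return 401, "undecodable token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return 401, "malformed token"
    # Pin the algorithm: never trust "alg" from the token (blocks alg=none tricks).
    if header.get("alg") != "HS256":
        return 401, "unexpected alg"
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return 401, "bad signature"
    if claims.get("iss") != issuer:
        return 401, "wrong issuer"
    if claims.get("aud") != audience:
        return 401, "wrong audience"
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return 401, "expired"
    return 200, "ok"


if __name__ == "__main__":
    url, body = build_token_request(CLIENT_ID, CLIENT_SECRET, APP_ID_URI)
    print("POST", url)
    print(body)
    token = mint_token({"iss": ISSUER, "aud": APP_ID_URI, "appid": CLIENT_ID,
                        "exp": int(time.time()) + 3600})
    print("no token:  ", validate_jwt(None, APP_ID_URI, ISSUER))
    print("with token:", validate_jwt("Bearer " + token, APP_ID_URI, ISSUER))
```

The audience check is what ties the token to this API: a token minted for a different App ID URI in the same tenant carries a valid signature and issuer but still gets a 401, which is why the scope in Postman must be the API's own App ID URI followed by /.default.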
Results - without any token:
With a token generated from the values listed above:
We can also observe that our logic app was triggered successfully! Success :)
Summary
This article is a guide to managing APIs in Azure API Management (APIM) and implementing OAuth 2.0 authorization for their users. It also shows how to authenticate API access through OAuth 2.0 using Postman, covering the necessary steps such as configuring the access token URL, client ID, client secret and scope.
If you like the article, share it! I'll be very glad.