Azure API Management and Application Gateway integration
One of the Azure services I frequently find myself working with is API Management.
API Management is an excellent service for abstracting your back-end services and presenting a set of APIs via a single HTTPS endpoint.
There are a couple of common questions that organisations have with API Management -
- How do we protect the Internet-facing public endpoint of API Management?
- How can we selectively expose some APIs externally whilst keeping all other APIs internal?
Microsoft has a supported blueprint for this. The architecture has a couple of key components -
- API Management deployed in “internal” VNET mode
- Application Gateway (WAF) for exposing a subset of APIs externally
The challenge with this blueprint is that whilst it works well, the documentation isn’t particularly comprehensive and omits several elements that are vital to getting it up and running.
This post attempts to provide a clearer overview of this scenario and give some additional guidance along the way.
Architecture Overview
When I first started working with this scenario, the first question I had was -