How to get a fully automated API lifecycle with Azure API Management
Written by Vegard Røsholm and Bjørn Arild Bakken
Azure API Management (APIM) is a great platform for exposing your APIs. Nevertheless, an organization can have several API developers, and you do not want to grant them access to the APIM Platform. You don’t want a dedicated resource that collects, publishes, and updates APIs. What we ultimately want to achieve is to enable developers to submit APIs to APIM via Azure DevOps. Those APIs should be handled automatically, tested, and deployed to different environments without unnecessary manual deployment. In this series, we will look at how we can use Azure DevOps for Application Lifecycle Management (ALM) in APIM. A later article will dive into the technical implementations on how to publish new APIs for different environments, update existing APIs and handle API tests. First, let’s focus on the overall architecture:
The figure above illustrates how to set up Azure DevOps Services, where external users publish APIs in OpenAPI standard, policy files, and Postman collections with API tests. These files are processed through multiple Pipelines. Note that the described approach will deploy to different environments depending on the target branch; commits to the develop branch will deploy to an APIM TEST, while commits to main will deploy to APIM PROD. However, there are multiple approaches for deploying to different environments, so feel free to adapt the source code to your needs.
In the API definition file, a series of custom variables are defined for url, endpoints etc. So there is no need to do configuration in APIM for anything. Everything that is needed to deploy an API is in the OpenAPI configuration file.
Pipelines
Azure Pipelines automatically builds and tests code projects to make them available to others. It works with just about any language or project type. Azure Pipelines combines continuous integration (CI) and continuous delivery (CD) to constantly and consistently test and build code and ship it to APIM.
Validate APIs
A build validation pipeline to verify the submitted API when creating a pull request. This pipeline will verify the API specification, name, version, paths, backend URL, and other specified parameters. The APIs submitted in the pull request are imported to APIM to verify the import process. The API is then deleted.
Import new API’s and update existing APIs
This pipeline will import/update APIs in APIM. The pipeline will check whether the API is already existing in APIM, and create a new version or revision depending on the version number in the OpenAPI specification. New APIs will be imported including policies and added to the specified product(s). API tests are run, and results are published to Test Plans.
Weekly backup of APIM
This pipeline is triggered weekly and back up the APIM instance to blob storage. As an APIM backup are valid for 30 days only, the storage will delete backups older than 30 days.
Migrate APIM instances
Manually triggered pipeline for migrating APIM config between different instances. This pipeline is useful for migrating changes from a development instance to production.
Is it easy to implement?
Building a complete ALM platform with APIM and Azure DevOps Services takes time because there are no complete libraries that automatically ship, manage and test your APIs for you. But Microsoft has provided great tools to help you build your own platform. Tools like the Az.ApiManagement Powershell Module and YAML. You need some experience with Azure DevOps, YAML, OpenAPI specification, and Azure API Management. With this article and coming articles, we hope you get an understanding of how you can build your own ALM platform.
Next step…
Let us know what you think! If you found this interesting, we will make sure to post another article with the technical implementation of a fully automatic ALM platform with Azure DevOps and Azure API Management. Starting with building up the OpenAPI JSON file to your needs, implement the pipelines, and implement testing in your ALM platform.
