API Mangement (APIM)

Cosmos query to get row count.

Ques. Do it has caching?

Alan_Rodrigues

AZ-204 - Connect and Consume services - Azure API Management - YouTube https://www.youtube.com/watch?v=e2vCAr_WHoY

Transcript: (00:00) [Music] hi and welcome back now we are going to go ahead and start working with the azure api management service now before we dwell into the azir api management service we are first going to go ahead and understand first briefly what is an api and why do we need a service such as the azir api management service so first we come to an api so this is nothing but an application programming interface this is a computing interface that defines interactions between multiple software intermediaries so this defines the kinds of calls or (00:43) requests that can be made how to make them the data formats that need to be used the conventions etc so just to give you an example of an api or an application programming interface now let’s say a company is storing some sort of data that they have they have a data store and let’s say that you want an external user to have access to fetch the data that’s stored in the data store now rather than giving direct let’s say database access to the user what they can do is that they can go ahead and develop let’s say a module a (01:20) function some sort of code that can go in and interact with the data store so now the user can actually go ahead and call that module that module will then go ahead and fetch the data from the underlying database so this helps in terms of security so here you don’t need to give direct access for the user onto the data store now over the years it’s becoming much more easier for users to have the ability to invoke functions now users can actually go ahead and invoke these functions by making calls over the internet itself (02:01) so by making calls over the http protocol they can actually go ahead and invoke these functions or these modules so the company in addition to define that module or that function actually does something they would also go ahead and expose an api interface so the external user will actually go ahead and invoke that api that api interface that interface would then invoke the module and the module would then go ahead and fetch the data from the underlying data store so over here i’m just giving a very simple example of an api (02:38) actually when you go ahead and actually interact with let’s say azure resources why the azure command line interface actually in the background the azure command interface is again making an api call onto its corresponding azure service via http itself so if you go and actually debug the calls in azure cli you’ll actually see api calls being made on to azure services so invoking or making use of apis is now the norm when it comes to exposing functionality of a system or an application right so now there’s given a brief

Starting

(03:21) introduction on apis let’s go ahead now and understand the API Mangement (APIM) service so now we come on to the part of why do we have an azir api management service so before that let’s again broaden our aspect when it comes to apis so in the earlier diagram i just showed you a single api but let’s say a company has a whole list of data stores and they have a whole list of different apis that give exposure on to these different data stores and let’s say they have different sort of users who need access onto these apis (04:00) or these data stores so you might have a user that might directly go ahead and invoke the setup apis or you might have an application invoking the setup apis or you might have the user wire a web tool that’s again going in and let’s say going out and invoking those set of apis and again doesn’t have to be a one-to-one matching so you could have applications invoking other apis as well so some key things to remember when you go ahead and define multiple set of apis so i already talked about security (04:35) earlier on then you also have the concept of decoupling so over here your core functionality is separate your data store is separate so this decouples the different components of your architecture and you have scalability so you can go ahead and scale your data stores you can go ahead and scale your apis now that we have this diagram in mind let me go ahead and introduce the azio api management service now over here i’m going ahead and introducing the azir api management service has an interface between the (05:10) application so this could be application it could be your users and the set of apis so your set of apis remains the same you have your data stores so now when an application or a user needs to go ahead and invoke the api the request will go via the api management service the api management service will then go ahead and invoke the api and then your api will interact with your data store so what are the benefits of using the azure api management so first it helps in the easier management of your apis itself now what happens companies might you (05:48) know give or expose apis either on a public level so that everybody could go ahead and use the apis or they might want a certain set of apis to be only used by let’s say a certain set of users or maybe a certain set of external customers in such a case they want to go ahead and group those apis together and they want to ensure security of those apis so they’re going to only ensure that those set of users or those set of external customers can actually go ahead and invoke this small set of apis so you can actually go ahead and group (06:22) the apis into something known as products and you could also have subscriptions from external customers onto these products in azure api management so it just helps in the management of your apis now one very key thing to note over here is that you will not use azure api management service to develop your apis no you have to develop the apis yourself the api management service is just an interface between the users and your backend apis so this is a key thing to remember you will not develop apis using the api (07:02) management service you also have something known as policy so these are some of the features i’m explaining when it comes to the azure api management service you can actually go ahead and change the entire behavior of your apis via api policies you also have built-in caches so let’s say you have a lot of requests coming on to set up apis and for better performance you can actually go ahead and allow api management service to caching those frequent responses those responses can then be sent back on to the users or your applications (07:36) instead of actually going in and invoking your backend api again and you also have better security for your apis as well so these are just some of the features that you have of the azio api management service we’ll actually go into a demo and we’ll see how to work with the azure api management service for now this marks the end of this chapter now i just want to go ahead and give a note on what we’re going to implement when it comes to azure api management so we are going to go ahead and create an (08:14) instance of azure api management i am also going to go ahead and create an azure web app so in visual studio we’ll go ahead and create a web api project we’ll then go ahead and publish that project onto the azure web app and then we’ll go ahead and import that api into azure api management so now when a user wants to go ahead and invoke an api that is hosted on the azure web app the user can actually go ahead and invoke that api via the azure api management instance so the first thing we will do is we will go ahead and (08:59) create the azure api management resource this actually takes time so the creation of the resource takes around 20-25 minutes and then in the meantime we’ll actually go ahead and build our web api project in visual studio so here we are in seo now i am going to go on to all resources and let me go ahead and click on add so the first thing i will do is i’ll go ahead and add an azure web app a brand new one over here i’ll go ahead and choose one of my existing resource groups over here i’ll try to go ahead and give (09:40) a unique name for the web app right so we have that in place for the runtime stack i’m going to go ahead and choose dot net code 3.1 i’ll leave the region hazardous that’s central us over here i’ll go ahead and leave the app service plan also has it is if you want you can also go ahead and choose the basic app service plan i’ll go on to next so i’ll leave deployment as it is i’ll go on to monitoring i don’t need application insights at this point in time i’ll go on review and create and let’s (10:18) go ahead and hit on create now in another tab i’ll go ahead and click on add for all resources and over here i’ll go ahead and search for api management i’ll go ahead and hit on create over here i’ll go ahead and choose the same resource group by this time i’ll go ahead and choose a different location so my azure web app is in the central u. (10:45) s location and my api management is in the west europe location so the only reason i’m having this in different locations is because in a subsequent chapter i want to explain the cache mechanism which is available with api management over here we have to go ahead and give a resource name right so it’s available over here you can just go ahead and give a dummy organization name and you have to go ahead and give an email id now when it comes to the pricing tier we can go ahead and choose the developer so if you go on to the (11:30) pricing for api management if i go ahead and scroll down so when it comes to the developer over here you’re paying quite a less amount but this is so please know that if you are following along to go ahead and ensure that after you are finished working with the api management instance to go ahead and delete the resource and with the developer you get a lot of functionality that is available one of the biggest things that you don’t get is basically an sla a service level agreement so this is not good for your (12:12) production workloads so it’s good if you want to go ahead and just test it out to see how it works i’ll go on to next for monitoring so over here i’ll just turn off application insights i won’t do anything for scaling the identity don’t need a virtual network won’t do anything with the protocol settings i’ll just go on to review and create and then i’ll go ahead and hit on create now this might take around 15 to 20 minutes so i’ll come back once i have the api management resource in place (12:55) now in the next set of chapters i’ll go ahead and show students how to build a web api in dot net so we’ll use visual studio 2019 now if you’re only familiar with web apis you can go ahead and build your own web api solution but just for the benefit of those students who want to learn how to build a web api in dot net i’m going to go ahead and show you how to build a web api we’re going to go ahead and build this api that is going to go ahead and basically work with data which will be in a json file so over here i have a (13:33) courses dot json file so if i go ahead and open it up in notepad so it has some json objects so for each object i have a course id a course name and a rating so my web api will actually go ahead and have the ability to interact with this json based data we are going to go ahead and upload this json file onto an azure storage account so what i’ll do first is in visual studio let me go ahead and create a new project over here i’ll go ahead and search for asp. (14:17) net core and over here i’ll go ahead and create a mt asp.net core project you can go ahead and use a template for the web api but for the benefit of those students i want to go ahead and show you how from scratch you can go ahead and build a web api so i’ll go ahead and choose an empty project i’ll go on next so over here let me go ahead and give a project name hit on enter i’ll choose dotnet code 3. (14:50) 1 and hit on create right so we have our web api in place now the first thing i’m going to do is to go ahead and create a model class so that model class will be a representation of the data that we have over here so i’ll go on to my project right click and let me go ahead and add first a new folder i’ll name this folder has models and in the models let me go ahead and right click add basically a new class so i can go ahead and choose new class so we are choosing a class and over here the name of the class i’ll give it has course (15:32) so this is going to be a representation of our course so over here we can start going in and adding properties for this class so you can go ahead and use the short form of prop hit tab so it will then go ahead and add the entire get and set methods for the property now over here i’m going to go ahead and choose string so what is the first property that we have that’s our course id again prop again we have a string and what we have next we have the course name so replace it over here then again prop and what we have in the last (16:25) so we have a rating so for this we can mention it has float and mention the rating over here right so we have a model in place now what i’ll do is that in azure let me go on to all resources and let me go ahead and add a new storage account so i’ll go ahead and choose storage account over here i’ll go ahead and choose a resource group i’ll just go ahead and give a name for the storage account i’ll leave everything hazardous just for replication i’ll choose locally redone in storage i’ll go directly on to review and create (17:12) and let me go ahead and actually hit on create to go ahead and create this storage account so in the storage account we are going to go ahead and upload our courses.json file so that will be our data please note that your data can be in any sort of data store the data could be in a sql database it could be in azure cosmos db it could be in aws so your data store will be present and you’ll have a web api that will be responsible for interacting with that data and then giving you the required output i can see my storage account in place (17:50) i’ll go ahead on to the resource now over here i’ll go on to containers i’ll go ahead and add a new container i’ll give a name for the container and hit on create i’ll go on to the container and over here let me go ahead and upload that courses.json file from my local system so i’m going on to the temp folder i’ll go ahead and choose that file and hit on upload and see if you go on to the file if you go on to the edit section we have our data over here now next in our project i’m going to go ahead and now add (18:31) another folder so i’ll right click click on add and click on new folder now over here i’m going to go ahead and create a services folder so i’m going to go ahead and now add a class so this will be a service that will be used for interacting with our data that’s our json file in the storage account so over here i’m going to go ahead and right click and add a new class so over here let me go ahead and give the name of the class so course service let me go ahead and click on add now over here the first thing i’m going (19:14) to do is to ensure to add the connection string for our storage account so over here in the class i’ll go ahead and add a property for my storage account over here let me go on to the storage account i’ll go on to access keys i’ll go ahead and click on show keys over here let me go ahead and take the connection string for key one let me go ahead and replace it over here now next i’m going to go ahead and copy paste some methods that i have for this particular class so the first method is to go ahead and (19:52) return all courses so what this method is going to do is it’s going to go ahead onto our azure storage account it will go ahead and return all of that course data so has a web api i want to expose an api wherein i can go ahead and get all of the course information now over here i need to go ahead and include the namespace that’s web api models because our course class is under the models folder under web api and then over here we have the classes that work with azure blobs now i need to go on tools new get package manager and (20:35) manage nuget packages for the solution let me go on to browse let me go ahead and search for blob i’ll choose azure.storage.org install it for the web api i’ll go ahead and hit on ok and hit on accept once this is done i’ll go back on to my course service and over here now i should be able to go ahead and use the namespaces so now over here we are going on to our data container onto our courses. (21:12) json file then i’m going ahead and downloading the content over here i’m taking basically the content onto a stream reader so let me go ahead and use the system.io namespace and then over here i’m going to go ahead and take that json content and deserialize it using the json serializer so over here this is actually part of system.txt. (21:42) json so over here i want to go ahead and return a list of course objects remember we have our course class over here next i’m going to go ahead and copy paste code for returning a particular course so over here we need to ensure that we enter a course id and then we’ll go ahead and use that course id to go ahead and get a particular course and then i’ll paste in another method this will be used for adding a new course so over here we’re going to go ahead and pass in a new course object again i’m going ahead and getting all of (22:22) the content of our blob in our storage account if i go ahead and scroll down so over here i’m getting the list of courses through deserialization over here i’m converting it on to a list and then i’m going in and adding the new course then i’m going in and now using the serialize method to go ahead and now serialize that json content back onto our azure storage account over here let me go ahead and also include the namespace for encodingthatsystem. (22:57) txt right so now i have my course service in place now let’s mark an end onto this chapter and go on to the next chapter wherein let’s go ahead and try to complete our web api implementation in visual studio now let’s go ahead and complete our web api implementation so over here now let me go ahead and add now a new folder so over here now i want to go ahead and add my controllers so i’ll add a controllers folder over here let me go ahead and add a new controller so i’ll choose an mvc empty controller (23:42) click on add over here let me go ahead and give a name for the controller so it’s a course controller now again i just want to re-i treat to students this is not a.net course by any way over here i said just for the sake of explaining what i’m doing in the code i’m just trying to explain to students that how i’m actually building this web api it then gives a better understanding on how to invoke apis via the api management service now for the course controller since this is a web api he needs to inherit from (24:16) controller base then i’m going to go ahead and add some attributes to mention that this is an api controller and over here i’m adding a route so if i want to go ahead and you know invoke the different methods that i have for the web api i need to go ahead on to the slash api course part of the url now next within my class i am adding a property for my course service so over here let me go ahead and include the namespace so it’s web api services because i have my course service under services going back on to my course controller (24:56) now i want to ensure that i can actually go ahead and use this course service class and for that we have to go ahead and make use of dependency injection so i have to go on to my startup class and over here in the configure services section i’m going to go ahead and add two things so the first thing is our core service which i’m adding has a transient service let me go ahead and again include the namespace and over here now i’m also ensuring to add my controllers so we are making controllers in our program so we need to (25:32) ensure that we add that has a service as well if i go ahead and scroll down so by default this is the end point that we have in place i’m going to go ahead and delete this and since we’re using controllers i’m going in and ensuring i map the route that i added onto the controllers let me go ahead and just save everything and let me go back on to my course controller now the first thing i’m doing is to go ahead and add a constructor when i get basically a handle onto my course service now next i’m going to go ahead and (26:05) remove this i don’t need the index method instead i’m going to go ahead and add now a method known as get courses this will be a get method and over here this is going to go ahead and return a result of ok and along with that it’s going to go ahead and get all of the courses remember as part of our course service class we have get courses and this will actually go ahead and return a list or basically an array of courses so over here remember in our course service we do have a method so if i go on to the course service class (26:40) over here remember as part of get courses the the method that we have we are returning basically an array of courses now next i’m adding a method for getting a particular course now over here i am going to ensure that because i’ll be passing id onto the url to fetch a particular course we’ll basically take it as the id will pass that id on to our method so over here remember we have this get course method over here we’ll pass in the id so we can go ahead and return that particular course and then finally for adding a course i’m (27:17) going in and adding a post operation over here let me go ahead and ensure that i can use the namespace right so we have this also in place right so it seems i have everything in place so let’s go ahead and confirm let me go ahead and run this in the browser now over here page can’t be found and that’s fine because we have nothing running on this particular port number at this particular url we have to go on to remember api and course and now we are getting a list of courses remember this is picking up the data from the (28:01) json file in azure storage account and it’s returning this information on to us remember that in our controller this is based on the route so slash api slash course and remember that’s the same thing we have over here and remember we can also go ahead and pass in an id so let’s say we want to go ahead and return the course name of az104 so over here this is the course id so let me go ahead and add this over here and over here we’re getting only that particular course so now let’s mark an end on to this (28:41) chapter where we now have our web api in place now in the last chapter we had gone ahead and developed our web api in visual studio now let’s go ahead and publish this web api onto our web app in azure i can also see that i have my api management instance in place but first let me go on to my web app so i have my web app running over here so over here if i just go ahead and take the url and if i go on to a new tab right so this is the demo application now let me go on to visual studio take the project right click and let me go ahead and hit (29:33) on publish i’ll go ahead and choose azure go on to next over here i’ll go ahead and choose azure app service go on to next over here i’ll go ahead and choose my web app and hit on finish then i’ll go ahead and hit on publish let’s wait till this is complete now once the publish is complete now let me go ahead and basically now add api slash course and now i’m getting my list of courses let me go ahead and add a particular course id so i’m just getting the first course that is also fine (30:26) this should also work in the postman tool if i go ahead and click on send so here i’m getting the output has desired now let me also go ahead and confirm whether i can issue a post request that is to add a course so i’ll go on to the next tab go ahead and add the url choose it has the post request let me go on to the body i’ll choose raw over here let me go ahead and choose json then i’ll go ahead and add details for a new item so currently in our storage account in the courses.json file i have it till (31:06) c0005 so let me go ahead and add this request let me go ahead and hit on send so now in the response i can see at 200 okay i can also see the body of the text has added if i go on to my courses.json file let me go ahead and hit on refresh and over here you can see your new course in place so it means even our web app is also now working so now that we have our azure web app in place now let’s go ahead and add an api in our api management service so in this tab let me go on to all resources over here let me go ahead and choose my (32:00) api management service over here let me go on to apis let me go ahead and just hide this now by default we get a sample api that is an echo api if you don’t need this api you can go ahead and hit on delete because we don’t require it now we can go ahead and add a blank api which we are going to do but you can also go ahead and create an api based on different specifications so let me go ahead and choose a blank api now over here let me go ahead and give a name what is the web service url so over here let me actually go on to (32:45) new tab i’ll open web services in a new tab so i’ll go on to our web service i’ll go ahead and take the url i’ll place it over here and let me go ahead and hit on create so this will be now a base url for the api gateway service so i’ll go ahead and hit on create now once we have the api in place we can actually go ahead and start adding our operations so let me go ahead and add now an operation over here let me go ahead and give a display name of get courses now over here we are going to choose it as a get request (33:39) and over here let’s go ahead and choose api course so this will be the api the operation for getting all of the courses we can then go ahead and click on save now for each api operation that you have over here you have settings for that operation so these settings are over here and you also have policies which you’ll be looking at at a later point in time so these policies are actually over here so we have policies for basically the inbound processing for the backend and for outbound processing so over here if you actually go ahead (34:29) and click on the form base editor so over here you have basically the configuration of the operation itself now for this operation you can actually go on to test and you can actually go ahead and test this operation from here itself so let me go ahead and click on send and note the url so this is the url now the base url of your azure api management service slash api slash course let me go ahead and hit on send right we’re getting a 200 okay and if you go ahead and scroll down we’re getting all the courses over here (35:13) now let’s say has a user i want to go ahead and now invoke this particular url so we can go ahead and take the request url let me go on to the postman tool let me go on to another tab let me go ahead and add that url the get request and let me go ahead and hit on send now over here i’m getting an error so an access denied so this is the basic security feature that is available with the azure api management service and this is basic we have a lot of features that are available when it comes to security (35:53) when it comes to the azure api management service and over here remember we have only gone ahead and added one api you’ll actually go ahead and add hundreds of apis behind your api management service so over here in order to go ahead and basically authenticate ourselves to use this api we have to go ahead and add something known as a subscription key so we have to go on to the headers of the request going back over here in the http request we can actually go ahead and see the subscription key over here please note that since i’ve logged in (36:35) has the azure admin i have the ability to go ahead and see this key so i’ll go ahead and take this name i’ll place it over here has the key and what is the value let me go ahead and take that and place it over here and let’s go ahead and now click on send and now we are getting all of the course information right so let’s mark an end on to this chapter wherein we have looked at importing our api and adding our first operation now in the last chapter we had gone ahead and added a get operation now remember we had in our api in our (37:25) azure web app we have other operations as well so we could also go ahead and find for a particular course so if i go ahead and enter the course id this is in the api gateway let me go ahead and hit on send and see what happens so it’s saying the resource is not found and that’s because we need to go ahead and add an operation for finding a particular course and what about a post request as well so let’s go back on to our api onto the course api over here let me go ahead and click on add operation so over here (38:06) i’ll go ahead and give a display name now over here in terms of the url so i’ll go ahead and specify slash api slash course and then the id if you go ahead and scroll down you can see that it’s also coming up has a template parameter now let me go ahead and hit on save so now over here we have two operations in place we have a get goes and we have get courses now over here if we go ahead and run this so now over here you can see the result has desired now let’s go ahead and add another operation so this time it is going to be the post (38:55) request so let me go ahead and add an operation so over here let me go ahead and give a name i’ll go ahead and choose it has the post method again slash api slash course and let me go ahead and hit on save but this time remember it’s a post request so over here let me go ahead and change this onto a post request i’ll go on to the body i’ll go on to raw i’ll go ahead and choose json and i need to go ahead and add it over here so if i go on to previous request let me go ahead and copy this i’ll place it over here (39:43) let me go ahead and change the id let me go ahead and give a course name so if i go onto my courses.json file this is currently what i have so let me go ahead and hit on send so here i forgot to go ahead and remove the course id let me go ahead and hit on send right so it’s added let me go ahead and hit on refresh and i can see it is added over here so you can go ahead and add your api operations your other api operations as well now currently as part of our setup we can go ahead and invoke our api either either the api gateway (40:44) or even wire our azure web app now it doesn’t make sense that we could go and invoke the apis from both places the entire idea is to go ahead and ensure that we only invoke the api via the azure api management service because the api management service will anyway in turn call our azure web app so the way that we can actually do this one way of doing this is to go ahead and restrict traffic onto the azure web app so for the azure web app if you go on to the networking section over here if you go and scroll down (41:27) there’s something known as access restrictions we can go ahead and configure access restrictions and over here we can go ahead and add different rules so currently there is only one inbuilt rule which allows traffic from anywhere so firstly what i’ll do is that let me go ahead and add a rule let me go ahead and just give a name so first i’ll deny all traffic so i’ll go ahead and choose deny i’ll go ahead and give a priority over here let me go ahead and give the address block has anywhere so all traffic is denied and (42:07) let me go ahead and add the rule right so now you can see even the rule of allow all is also removed now let me go ahead and add another rule this time let me say allow api management over here let me go ahead and skip less priority now over here in the ip address so if i go on to my api management service so over here we have a public ip address let me go ahead and copy it onto the clipboard let me paste it over here and let me go ahead and add the rule right so we have this rule in place now if you go on to our web app (43:12) over here i only have the url open up in another tab so let me go ahead and try to get now all of the course information and you can see we’re getting a forbidden error message now going on to the postman tool let me go ahead and get now the same information from the api gateway so let me go ahead and change this on to a get request and let me go ahead and click on send and now we are getting all of the information so now we can ensure that we call our apis only via the api management service now in this chapter i want to go ahead (44:00) and explain the virtual network feature which is available as part of the azure api management service so so far we have seen how we could go ahead and basically create an azure web app so this is basically a public service and then we went ahead and pointed our api management service against the apis hosted in the web app but let’s say that you have an api hosted on a web server on an azure virtual machine that is part of a virtual network now you can go ahead and allocate a public ip address off or for this virtual machine and (44:47) ensure that the azure api management service points on to the public ip address but in most companies if they want to go ahead and secure their apis they may not want to have a public ip address in place they only want to go ahead and have a private ip address in place and when you have a private ip address you can’t go ahead and reach the apis via the public internet and this is required by the api management service the api management service needs to have the abilities to talk to the underlying apis so if you want to go ahead and have (45:27) private communication to the apis that are hosted on let’s say a virtual machine in a virtual network you can actually go ahead and enable the virtual network feature which is available for the azure api management service when you go ahead and enable this feature then there is a link that gets created between the azure api management service and the virtual network now there are two settings that are possible when it comes to the virtual network setting for the azure api management service first is external (46:10) so over here the gateway is accessible from the public internet via an external load balancer this means that requests can actually come from the internet onto the azure api management service and they can be directed onto the apis in the virtual network or you could only have it internally that means only users from within the virtual network you know within that environment itself can actually go ahead and access the virtual machine which is part of the virtual network over here users from the internet cannot (46:50) go ahead and invoke the apis so this is when you have your apis only to be hosted within the company network itself if you want others to go ahead and maybe access the apis then you can go ahead and create site-to-site vpn connections from your on-premise servers onto the azure virtual network again this is just a scenario that is available now we are going to go ahead and see an example on how you can enable this virtual network connectivity for the azure api management service now here we are in azir now the first (47:32) thing i am going to do is to go ahead and create an azure vm this will be used for hosting our apis so over here let me go ahead and create a new virtual machine now over here i’ll go ahead and choose one of my existing resource groups over here let me go ahead and choose the central us location let me go ahead and give a simple name for the vm no infrastructure required i’ll go ahead and choose windows server 2019 data center i’ll choose a size that is available let me go ahead and enter the account details (48:17) over here in the post let me go ahead and allow traffic on port 80 because we will be installing internet information services to go ahead and host our api i’ll go on to next for the disks i’ll leave everything as it is i’ll go on to networking now over here we need to go ahead and make a change so let me go ahead and hit on create new so over here we have to ensure that whatever is the ip address range that is assigned onto the virtual network over here we have slash 16 in place and the subnet is slash 24 (48:52) and that is because we need a new subnet that is required by the azure api management resources so over here let me go ahead and give a name for the network over here i can go ahead and leave the address range as it is over here let me go ahead and give a name for a new subnet that’s known as api subnet over here let me go ahead and enter basically a subnet which is in the range i’ll go ahead and hit on ok over here i’ll ensure that the subnet is a default subnet so it might go ahead and change onto the new subnet that we (49:33) created so i’ll leave it in the default subnet i’ll leave everything else as it is let me go onto next for management i’ll go on to i’ll go on tags i’ll go on review and create and let’s go ahead and hit on create let’s come back once we have the vm in place now once you have the vm in place let me go ahead and connect on to the vm so i’ll go on to connect rdp i’ll download the rdp file i’ll connect on to the server so i’ll go ahead and click on yes now on the vm i’ll go ahead and click on (50:33) add roles and features so i’ll go on to next now i’m going to go ahead and also deploy basically an api solution so we had seen this early on we had gone ahead and deployed that web api onto an azure web app this time we’ll go ahead and deploy it onto azure vm so i’ll go on to next web server now i’m going to go ahead and deploy that basically from visual studio so for that i’m going to go through these steps of how do you enable a vm when you want to go ahead and publish a project basically from visual studio so we had (51:11) seen this earlier on so for now i’ll go on to next now over here let me go ahead and enable the management service i’ll go ahead and click on add i’ll go on to next and let me go ahead and hit uninstall now in the meantime i’ll go on to my web api so this is the same web api that goes at and interacts with our courses. (51:41) json file so now instead of publishing this onto an azure web app i want to go ahead and publish this onto an azure vm now over here i have a storage account in place now let me go on to the access keys i’ll show the keys i’ll take the connection string let me go ahead and replace the connection string over here so i do have a data container courses. (52:10) json so over here if i go on to my containers if i go on to data container so i have my courses.js file right so let me go ahead and just verify this i’ll run this locally so over here let me go on to slash api slash course right so i’m getting all of the data now let me go back on to my vm so i can see this is complete now let me go over onto tools i’ll go over on to internet information services manager over here let me go on to the vm let me go on to the management service let me go ahead and enable remote (53:06) connections over here let me go ahead and hit on apply i’ll go ahead and hit on start right now next let me go over on to local server i’ll go on to i and on security configuration i’ll turn this off i’ll go on to internet explorer over here let me go ahead and search for dotnet code 3. (53:44) 1 download so i’ll go on to the download section i’ll go on to esp.net core on time i’ll install the hosting bundle i’ll go ahead and click on run so i’ll agree to the license terms and click on install once this is complete i’ll go ahead and search for web deploy 3.6 download so again download version 3. (54:25) 6 i’ll go ahead and hit on download over here i’ll choose the 64-bit version i’ll go on to next i’ll go ahead and allow once so let me go ahead and run the installation so i’ll go on to next for the installation i’ll go ahead and choose the complete installation now once this is complete let me go ahead and hit on finish so everything is done on the vm now over here let me go on to demo vm let me go on to the overview let me go on to the dns name let me go ahead and just configure a dns name to see if it’s available (55:16) i’ll go ahead and just click on save next let me go on to the networking so i’ll go back on to demo vm networking add an inbound port rule for 8172 so over here it’s 8172 tcp allow give the name click on add so the same steps for publishing a web application from visual studio because over here again it’s just a web project the only difference is that it’s an api that’s the only change so once this is done just want to ensure that i have the rule in place over here now in visual studio let me go on to my project (56:11) right click hit on publish now over here i’ll go ahead and create a new published profile in case i already have a published profile in place i’ll choose azure i’ll go on to next i’ll choose azure virtual machine i’ll go on to next over here i’ll go ahead and choose demo vm so it seems to be okay i’ll go ahead and hit on finish i’ll go on to my profile i’ll go on to more actions hit on edit over here i’ll go on to connection i’ll go ahead and specify my password i’ll go ahead save the password and then (57:06) validate the connection i’ll go ahead and accept the certificate and then i’ll go ahead and hit on save now let me go ahead and hit on publish right so it’s gone ahead and published the project now if i go on to the overview of the vm i take the public ip address i go on to new tab i go on to slash api slash course and over here you can see the response in place so in this chat just want to go ahead and do the prep work when we now have our api hosted on an azure vm now in the last chapter we had gone (58:00) ahead and set up now the vm which has our api in place now we need to go ahead and enable the virtual network connectivity onto an api management instance now over here in azure i already have an api management service in place if i go on to my apis i should only be having the echo api in place now if you go ahead and scroll down so if you go on to virtual network here is where you can actually go ahead and configure the virtual network now before i can go ahead and apply the network configuration for the virtual (58:38) network i need to go on to the network which is hosting my virtual machine over here i need to go on to subnets i need to go on to the api subnet and i need to ensure that it is using a network security group now by default when you go ahead and create a vm it will go ahead and create a network security group so just for the purpose of this demo i’ll go ahead and choose the same network security group and let me go ahead and hit on save now let me go on to the api management instance now over here i’ll go ahead and (59:23) choose external which means that users can actually go ahead and access the api on our virtual machine from the outside wall from the internet so over here i’ll go ahead and click on the virtual network and over here let me go ahead and choose my api network i’ll go ahead and choose my api subnet and now over here it’s also asking for a public ip address so let’s do one thing let’s go ahead and cancel out of here i’ll discard all of the changes now my api management service is in the central us location (1:00:06) so in another tab let me go ahead and create a new public ip address i’ll hit on create over here i’ll choose standard i’ll choose the tier has regional over here let me go ahead and just give a name i need to also go ahead and give a unique dns label name as well i’ll go ahead and choose my subscription i’ll choose my resource group i’ll make sure it’s in the central u. (1:00:44) s location and let me go ahead and hit on create let’s just wait for a minute or two now once the deployment of the public ip address is done i’ll go on to my api management service i’ll go again on to the virtual network section over here i’ll go on to external again let me go ahead and choose the virtual network i’ll go ahead and choose my ip address and i’ll go ahead and choose my api subnet and let me go ahead and hit on apply and then let me go ahead and hit on save now over here it says that the changes (1:01:32) could take around 15 to 45 minutes to apply so let’s wait for some time and let’s see if the changes take effect now once you’re the network configuration in place there is one more setting that we need to do and this is basically for the firewall rule that we need to add for our virtual network to go ahead and allow communication onto the api management service over here we have to go ahead and allow inbound traffic onto port 3443 so i can go on to my demo vm machine i can go on to networking i can go ahead and add an inbound port (1:02:10) rule over here itself because remember this network security group is also assigned onto our api subnet so let me go ahead and add an inbound port rule over here let me go ahead and add that port number so it’s three four four three let me add it over here the tcp protocol and let me go ahead and click on add let’s wait for a minute for the rule to take effect let me go ahead and also add an inbound port rule for port 443 so over here let me go ahead and choose https i’ll leave everything as it is just change the name and let me go ahead (1:03:00) and click on add now once the rule has taken effect i’ll go on to my api management instance let me now go on to the api section then over here let me go ahead and create a blank api so over here let me go ahead and give a display name now in the web service url so i’ll go on to the demo via machine over here now i’ll take the private ip address that is assigned on to the network interface so i’ll go ahead and copy this i’ll go ahead and place it over here and let me go ahead and hit on create (1:03:58) now for the api let me go ahead and add an operation so let me go ahead and hide this over here let me go ahead and add an operation so this is to get the course and over here slash api slash course and let me go ahead and hit on save now let me go over on to the test section let me go ahead and take the request url i’ll go on to the postman tool i’ll go on to another tab over here let me go on to headers let me go ahead and take the subscription key so i’ll take the key and then i’ll go ahead and take the (1:04:53) value and let me go ahead and hit on send and now over here getting the response has desired so remember now our api gateway is making a request onto the private ip address of the virtual machine that is located in the virtual network you can then go ahead and discard the public ipaddress that is assigned onto the azure virtual machine so this is how you can actually go ahead and incorporate a virtual network with your api management instance hi and welcome back now in this chapter i’m going to be going on to api management policies (1:05:38) so here we’ll just have a quick overview of how we can implement policies in api management now policies are nothing but a collection of xml statements and this can be used to execute an operation on the request or the response of an api now let’s say you are a user or an application that needs to go ahead and access an api via the api management instance you can actually go ahead and implement policies that can be used to execute an operation on either the request before it is directed on to the backend api (1:06:14) or you could go ahead and implement a policy that could implement an operation before the request is actually sent on to the api so over here you have a request that is sent onto the api management instance then the request is sent on to the api so you can add an operation at this point you can add an operation at this point or you could also add an operation when the response is sent back from the api to the application itself the calling application now the different types of operations that you can perform so just quickly go on to microsoft (1:06:49) documentation just to give you an idea of the different policies that you have so here i am in the api management policies page now this page will give you a list of the different policies that are available so you could have one policy in place that could ensure that you have a particular http header that exists in the requests only then the api will be called so this is another layer of security that you can actually add based on access restriction so maybe you might have a malicious user who’s trying to access your api (1:07:26) but let’s say you have legitimate users who need to ensure that they add a header request key and a value that error key and value request will only be accepted then by the api you can go ahead and ensure that you have such a policy in place for azure api management you can also go ahead and limit the call rates so this is good when you want to avoid malicious users who are trying to bombard your apis so you can go ahead and limit the call rate itself to ensure there is not too much of a burden on your apis (1:08:00) so so on and so forth there are many policies which are in place you have policies which are in place for access restriction you have advanced policies also for example to control the flow of the request to forward requests if you scroll even down there are policies also in place for authentication over here so there are different policies available for azir api management so over here back on our api management service i’ll go on to apis let me go ahead and hide this i’ll go onto my course api now over here i’ll go on to let’s see my (1:08:45) get courses operation over here let me go ahead and open up the policy code editor and over here if you go ahead and scroll down so you can go ahead let me go ahead and expand this so i can see policies for inbound for the back end for the outbound and for on error as well so i’m going to go ahead and add now a ip filter wherein the action is forbid and over here i’m going in and giving what is the ip address the public ipaddress that is assigned onto my workstation let me go ahead and click on save once this is (1:09:33) done if i go on to the postman tool over here if i go ahead and try to issue a get request against my api let me go ahead and click on send over here now i’m getting a forbidden error message if i go it on to the policy form editor if i go ahead and just remove this go ahead and click on save over here if i go and click on send so i’m getting the information again so over here a very simple example on a policy on how you can restrict traffic based on ip addresses now in this chapter i want to go ahead and show you another policy when it (1:10:26) comes to the rewrite url now sometimes when clients call your apis they might be calling it in a certain way so for example over here if i want to get a particular course based on the course id they might go ahead and let’s say enter it has a query string parameter like this now what you can do is that you can actually go ahead and add a rewrite url policy so that the api gateway understands this request and can go ahead and send the response this is just an example so over here if i go ahead and click on send (1:11:16) so over here it’s not able to go ahead and understand what it needs to give you so it’s giving you all of the information again it’s not giving you based on the course id so over here for the get courses that particular operation i’ll again go on to the inbound processing the policy code editor let me go ahead and expand this so i’ve gone ahead and added this snippet of code now when the user actually makes a request an api request via the api management service the api management service has (1:11:55) access onto that request so you can go on to the context object you can go ahead and take the request and you can go ahead and get the query string parameters and over here i’m getting the query string parameter of the course ide and we can go ahead and set variables within the policy itself so i’m going in and setting a variable of an id and setting the value has the course id what i’m setting has the query string parameter then i’m going in and using the re write uri so this is the policy over here now i’m going in and returning (1:12:29) slash api slash course and what is the id so i can go ahead and get that context variable so over here i am now taking that url so over here if i go ahead and take this url the api gateway will take that url and now submit that url in a format that is understandable by our api which is hosted on our azure web app so remember our web app understands the response of what the format like this so our api gateway will go ahead and take the previous format and basically change it in a way in a url that is understandable by the api running on our (1:13:19) azure web app so over here let me go ahead and click on save once this is done now let me go ahead and send this request again and now over here you can see it’s only going at and returning that particular course so this is how you can actually go ahead and use that rewrite uri policy now in this chapter i want to show you how you can make use of conditions within your policies so over here let me go ahead and open the policy code editor and let me go ahead and add one snippet of code so now over here i can go ahead and now add when (1:14:10) conditions and you can actually go ahead and add this in a choose block now over here i am going ahead and getting one of the request headers so i’m assuming that now when a request is made on to the api management service there is a request header with the key name of customer key and over here i am checking if the customer key has this value only then go ahead and basically return all of the courses information so let me go ahead and hit on save so i’m actually doing this remember for my main get courses operation (1:14:55) now if i go on to the postman tool and let me go ahead and try to now get all of the information so now you can see we’re getting an internal server error because now it expects that information so if i go on to the headers over here let me go ahead so i have the policy over here as well so let me go ahead and add the header key as customer key and in the value let me go ahead and enter this value right now let me go ahead and hit on send and now i’m getting all of the information so in this chapter just want to go ahead (1:15:41) and show you how you can make use of conditions now in this chapter i just want to go through how you can change the outbound response that is given by the azure api management service so you can go ahead and apply a lot of policies that are available in the api management service you can go ahead and apply a policy on to the inbound request you can also go ahead and apply a policy onto the outbound response has well now in this chapter i just want to go ahead and give a very simple example on this so over here i have an api management (1:16:27) service in place i just have one simple operation of getting courses so if i go on to get courses over here if i go on to test over here let me go ahead and take the request url i’ll go on to the postman tool so i just want to go ahead and confirm that this is working over here i need to go ahead and add what is the subscription key so let me go ahead and do that i’ll take the subscription key add it over here add the value as well and click on send right so i’m getting the response has desired so over here the change which i’m doing (1:17:23) is let me go ahead and click on expand so over here in the outbound i’m going ahead and adding a condition now i’m saying that when the condition when the response from the back end is a status score of 200 that is okay so in this case i don’t want to go ahead and do anything so if you’re getting a good response from the back end so you can go ahead and relate onto the user but just to go ahead and give you an example on how you can actually change the response that’s sent back on to the (1:17:55) user i’m going ahead and just giving this example so i said when the back end the response from the back end so that is now available even to our as your api management service because our request and responses are going why the azure api management service so over here i’m looking at the context of the response and if the status code of the response is a 200 okay then go ahead and change the status code over here i am saying go ahead and return the status score of 4. (1:18:28) 1 that’s unauthorized i can also go ahead and set the value of the headers and over here i can go ahead and also set what is the body of the response so i said this is not a real-time scenario so over here i am just trying to go ahead and show you how you can actually change the response that is sent on to the user so let me go ahead and hit on save now once this is done if i go ahead and now send the request again now you can see i’m getting an invalid request if i go on to my headers over here you can see the header in (1:19:12) place so you can also go ahead and control the outbound responses as well now in this chapter i want to go through the cache feature which is available with the azure api management service so with this feature as your api management can actually go out and cache full responses so let’s say that over here as your api management is connected onto an existing azure web app let’s say the user is making a request onto the api let’s say then the azure api management service gets the basically the response on the azir web (1:19:54) app and relays it back on to the user if you have gone ahead and enable the cache feature the first time that as your api management goes ahead and gets a response onto the request it will be stored in the cache so that next time when the user or another user makes the request again the same request again the response can actually come directly from the cache instead of actually going back onto the azure web app for the response itself this actually goes ahead and reduces the time to go ahead and get the response (1:20:31) so let’s see how we can go ahead and implement this cache feature so over here i have an api management service in place so over here i have the course api it’s basically going ahead and getting the information from one of my azure web apps so again nothing that has changed only thing is that i have a brand new api management service so over here if i go on to the get courses operation if i go on to test let me go ahead and just hide this so that we get a better view so let me go ahead and click on send (1:21:14) over here just to confirm that we are getting the response right so we’re getting the response back over here if you go on to the trace you can look at the trace based on the inbound request the back end request the outbound response etc so remember all of these are based on the policies that are defined in the azure api management service so if you go on to the inbound request you can see all the details about the inbound request over here if you want to go ahead and look at the entire response latency over here you can see the entire (1:21:49) response time we can go ahead and click on send again so over here you are getting this as the response latency now let’s go ahead and implement caching for this particular operation so over here i can go on to the operation let me go on to the design i’ll go ahead and choose the operation now over here if i go on to the inbound processing policy i can go ahead and add a policy and over here let me go ahead and search for cache responses so let me go ahead and choose that now over here you just have the basic (1:22:31) configuration but you can also go ahead and choose the full configuration as well over here you can go ahead and decide for how long do you want to go ahead and cache the response in the azure api management service so you can go ahead and give this time in number of seconds and you have other settings as well for now let me go ahead and keep everything as it is and let me go ahead and hit on save so now if you actually go on to the policy code editor to see what change has been done so if you go and scroll down so you can (1:23:09) see that in the outbound policy it has gone ahead and added the cachet store duration so over here you’ll go ahead and specify for how long do you want to go and cache the response then we have in the inbound request to go ahead and look in the cache so now whenever a request is coming on to the azure api management instance it’s going to go ahead and look in the cache over here you have different settings when it comes to how do you want to go ahead and look in the cache for the desired response so over here let me go ahead and just (1:23:47) leave everything as it is i won’t go ahead and make any changes onto the cache and let’s see if this makes any sort of difference so now let me go on to test so over here again get courses let me go ahead and again get a better view and let me go ahead and hit on send so over here it is going to go ahead and take times if i go on to the trace so it is taking quite a bit of time now if you go on to the inbound if you go ahead and scroll down so over here in terms of the cash lookup you can now see it’s using the internal (1:24:35) cash now over here the cash lookup resulted in a miss and that’s because this was the initial request but now that response which we got back from the azure web app should now be cached in azure api management so if i go ahead and click on send again over here you can see a reduction in the response latency and if i go on to inbound and if i go ahead and scroll down so over here you can see now the cache lookup resulted in a hit and now that cachet response will be used so now that response is being cached for (1:25:18) a duration of 120 seconds to go ahead and get a faster response so if you have a lot of static content that stays static for quite a bit of time you can go ahead and make use of this cache feature now if i go on to the pricing for api management if i go ahead and scroll down so remember these are the different tiers that you have when it comes to azure api management when you go on to the cash section over here you can see that under the developer tier you only get 10 mb of cash so that means only 10 mb of data (1:25:54) can be stored in the cache which is quite little it’s only when you go on to higher tiers then you can actually go ahead and have a better storage when it comes to the underlying cache right so in this chapter i want to go ahead and explain this feature that is available in the azure api management service now in this chapter i want to show you an easier way in which you can actually go ahead and import your apis into the azure api management service so if you go ahead and add open api documentation onto your project you can (1:26:34) actually go ahead and just import the api using that open api specification now in order to go ahead and accomplish this i’m going to go ahead and implement swagger to go ahead and document my apis so over here i’ll go on tools i’ll go on to nuget package manager and i’ll go ahead and manage new kit packages for the solution now over here in browse let me go ahead and search for swash so i want to go ahead and choose swashbuckle.asp. (1:27:10) netco let me go ahead and install it once this is done i’ll go on to my startup class over here firstly in these services let me go ahead and add the swagger generator then in my configure method over here let me go ahead and configure the use of swagger and then i’ll go ahead and add a swagger endpoint so now if i go ahead and run my project now over here if i go on to slash swagger so now i can see the documentation for my api so over here you can go ahead and select different definitions so this definition (1:28:12) is basically coming in from here i went and created an endpoint and then going back over here you can go ahead and actually test out the different apis that are being exposed by your web api project so over here if you want to go ahead and get all of the courses you can go ahead and choose get you can go ahead and try it out now you can go ahead and hit on execute and over here you’ll get the result so all of this is now coming in has that api definition and now we can actually go ahead and use this api definition (1:28:46) and import this api directly onto the api management instance so over here if i actually go ahead and add an api now over here i can go ahead and create from an open api specification so over here i have to go ahead and give that open api specification so what i’ll do is that let me go ahead and actually publish this onto my azure web app so let me go ahead i’ll just save everything let me right click and let me go ahead and hit on publish so i’ll publish this onto my azure web app let’s wait till this is complete so yes (1:29:32) i want to go ahead and stop debugging now once this is complete in another tab let me go on to my web api so i’ll go on to the overview i’ll copy the url go on to new tab i’ll do that first then let me go back on to the startup class so let me go ahead so let me go ahead and now take this part of the url place it over here and now we have the json definition of the apis which are being exposed by our web api application now i can go ahead and take this url so now back in the api management instance let me go ahead and just hit on (1:30:35) cancel let me go ahead and delete what i have for my existing course api and now let me go ahead and create from a definition so let me go ahead and click on again open api and over here let me go ahead and give this full url i’ll specify it over here if i click anywhere it should go ahead and give the display name and the name let me go ahead and hit on create so now it has gone ahead and added my web api and you can see it has automatically also gone ahead and added all of the operations over here the get operation (1:31:17) the post operation the get operation when you go and add a course id right so in this chapter just want to show you how you can add that open api documentation onto your web project your web api project and how you can import an api in the azure api management instance using that open api documentation hi and welcome back now in this chapter i want to go ahead and explain how you can actually go ahead and enable oauth for your azure api management service now currently i have an api management service in place this is actually (1:32:02) pointing onto an api now when it comes to the web api that is hosted on the azure web app service it is a simple.net core application that is based on the web api over there in the dotnet program i am not going ahead and having any sort of oauth in place so i have not gone ahead on to the startup class i have not gone ahead and enabled oauth against the microsoft identity platform it’s a simple web api that is going ahead onto a courses. (1:32:40) json file in a storage account is something we have seen early on and it’s going in and getting the information so if i go ahead and invoke the api from the postman tool i’m getting the response as desired but now let’s say that ati is your api management level the postman tool needs to go ahead and send an access token that’s a better token on to the azure api management instance only then will azure api management actually allow access onto the underlying api so this is something that you can do so in the postman tool again you will go (1:33:30) ahead and try to get an access token from the token endpoint and then you’ll go ahead and send this access token onto the azure api management service so over here when calling the azure api management service we need to go ahead and add the bearer token over here in terms of the authorization now the first thing that we need to do is to go ahead and create two application objects in azure ad the first application object will go ahead and represent our postman tool and the next application object will go ahead and (1:34:16) represent our as your api management instance so let’s go ahead and do that so now over here in app registrations i’ve gone ahead and deleted whatever app registrations i had so now let me go ahead and create two registrations so first is for the postman tool i’ll go ahead and hit on register and the next is for my as your api management instance let me go ahead and hit on register over here now for the api management instance since this is going ahead and exposing an api i have to go ahead on to the (1:35:15) expose and api section and over here let me go ahead and add a scope i’ll go ahead and accept the application id uri and let me go ahead and hit on save and continue over here let me go ahead and give a scope name let me go ahead and choose admin and users i’ll go ahead and just give the same display name description over here and let me go ahead and add the scope so we are going ahead and adding or exposing a scope for the application object this will be attached onto our api management instance now since we are going to be invoking (1:36:08) the api from the postman to i have to go on to app roles and let me go ahead and create an app role so over here i’ll do a courses dot read i’ll give it to applications i’ll go ahead and give the same value over here and the description and let me go ahead and hit on apply now next i’ll go back on to my registrations i’ll go on to the postman tool now over here in api permissions let me go ahead and add a permission so i’ll choose my apis i’ll choose the api management application object (1:36:52) i’ll choose the permission of course dot read at the permissions and let me go ahead and just grant admin consent for the default directory right so now once this is done let me go on to the azure api management instance let me go ahead and expand this and over here let me go on to the oauth section and let me go ahead and now add an oauth configuration over here we need to go ahead and give a name if i go ahead and scroll down we can just go ahead and give a very simple url just for the client registration page (1:37:38) this is not required now since i want to go ahead and use the postman tool i’ll go ahead and choose client credentials now over here we have to go ahead and give the authorization endpoint url so over here let me go on to the api management application object i’ll go on to the endpoints now i’ll take the or 2. (1:38:04) 0 authorization endpoint v2 i’ll copy it i’ll place it over here i’ll choose both the get and the post request i need to go ahead and now give the token endpoint url so i’ll go on to or 2.0 token endpoint v2 i’ll copy that let me go ahead and place it over here i’ll go ahead and scroll down now over here i need to go ahead and give the scope so then what i’ll do is that i’ll go on to expose an api over here i’ll just go ahead and copy the scope then i’ll place it over here next we need the client id and the (1:38:47) secret so let me go back on to api management i’ll go on to the overview i’ll take the client id i’ll go ahead and copy it over here next we need the client secret so i’ll go on to secrets i’ll generate a new secret i’ll go ahead and click on add a copy the value of the secret i’ll place it over here and then over here i’m going to go ahead and copy the authorization code grant flow so i’ll go ahead and copy this i’ll go on to my api management object over here i’ll go on to authentication (1:39:33) i’ll go ahead and add a platform i’ll choose web over here i’ll go ahead and enter that has the redirect uri and let me go ahead and click on configure once this is done let me go ahead and hit on create over here so we’ve gone ahead and create our oauth service configuration now let’s mark an end on to this chapter and in the next chapter let’s go ahead and complete our entire configuration of oauth now in the last chapter we had gone ahead and configured oauth for the azure api management instance (1:40:19) now we have to go on to our apis i’ll go on to the course api let me go ahead and hide this now over here i can just go on to my get courses operation or you can even go on to all operations if required go on to settings over here you need to go ahead and scroll down actually so when you go ahead and scroll down over here in terms of the security in user authorization you can go ahead and add or 2. (1:41:02) 0 and over here you can go ahead and add that setting and then you can go ahead and click on save now once this is done you have to now go on to design of the get courses we have to go ahead and add a policy so let me go ahead and open the policy editor so now over here in the inbound we need to go ahead and basically add a policy over here so let me go ahead and add a policy this will be used to validate the json web token over here we need to go ahead and just change the value so this is basically the application id of the (1:41:53) api management application object that we have so over here if we go on to the overview if you go ahead and take the client id we can go ahead and replace it over here and let me go ahead and hit on save so this is actually going to go ahead and validate the json web token that will be passed through our postman tool so now we have everything in place so now if you go back on to the postman tool and if you try to go ahead and now send a request onto the course api over here you can see that you are getting the message of unauthorized (1:42:38) access token is missing or invalid so that means now based on our jwt policy that we have for the api when we go ahead and now invoke the api we need to have a valid access token in place so let’s do that so we have to go ahead and first get the access token now before i go ahead and do this if you actually go on to your api management application object there is one setting that you have to go ahead and change so you have to go on to the manifest file so remember this is the json representation of your application (1:43:19) object so all of the changes that you actually make are reflected in the json representation now over here in the axis token accepted version i’m going to go ahead and change this on to a value of 2 because over here we are going in and using the version two of the token endpoint so if you go back on to the oauth settings for your api management instance remember if you go on to the oauth setting over here if you go ahead and scroll down we’re using version two when it comes to authorization and version two (1:43:57) when it comes to the token endpoint and since now this is actually mapped on to our api management instance we have to ensure that the setting is in place so once you make the setting go ahead and click on save so once this is done let me go now on to my postman application object so the first thing we have to do is to go ahead and get an access token so over here everything the same i’m going in and still making a request onto version one of the token endpoint so remember that even though our api management instance is using version two (1:44:38) of the token endpoint we can still go ahead and use version one of the token endpoint to go ahead and get the access token this is still fine the versioning is just a matter of how do you invoke the endpoint to get the access token so over here let me go ahead and now add the client id so i’ll go on to the postman application object i’ll copy the application or the client id i’ll paste it over here next is a client secret so let me go on to certificates and secrets and let me go ahead and add a new client secret (1:45:21) i’ll go ahead and click on add i’ll go ahead and copy the value then i’ll paste it over here then we need the resource so for that let me go on to the api permissions i’ll go on to my api permission over here let me go ahead and copy this api value let me go ahead and place it over here and let me go ahead and hit on send so i think i just made a mistake when copying the client secret so over here let me go ahead and again copy the value and let me place it over here and now let me go ahead and hit on send (1:46:04) so now we’ve got the bearer token in place let me go ahead and copy this i’ll go on to this request so over here in the headers let me go ahead and enable authorization over here let me go ahead and ensure to make it a better token paste the value and then click on send and now we’re getting the result as desired so now over here we are protecting our apis which are hosted by the api management instance so we’ve gone ahead we’ve defined the or 2. (1:46:46) 0 settings for the azure api management service we have gone ahead and enabled it for the api and we’ve added a jwt policy as well now in the previous chapter we had seen how we could use the postman tool to go ahead and access a protected api that is hosted by the azure api management instance now let’s go ahead and see how we can make use of an asp. (1:47:19) net core based application so over here i’m using an application that i already have in place it’s an asp.net co based application it’s an mvc based application and it goes ahead and makes a request onto the azure api management instance onto our api itself so over here i’m just going to go ahead and let you know on what i’ve done in this code itself so again this is very simple mvc based application when it comes to authentication we’ve already gone ahead and seen in depth how to use oauth when it comes to (1:47:58) authentication so over here we are doing nothing different so over here in my home controller i am going ahead and actually making a request on to basically my api so the first thing i need to do is to ensure that i have the valid url for my api so i can go ahead and copy it for my last chapter so i have this has the valid url and i can paste it over here so over here i am getting an access token based on my scope so i have to go ahead and change the scope here so for that let me go ahead firstly on to the api management application object (1:48:47) over here in expose an api so i already have the scope in place this is something that we added early on in the last chapter so let me go ahead and copy this onto the clipboard and let me go ahead and paste it over here so i’m ensuring that i use this scope to go ahead and get the access token for the user then i’m going ahead and basically adding it in the authorization header section so over here in the header section i’m basically adding the bearer token and then using the hp client class i’m (1:49:26) going ahead and making a request onto the azure api management instance and if i go ahead and get a proper status code then i’m going ahead and setting the content onto the view back and if i go on to my pages so let me go on to the views i’ll go on to the index page and over here i’m just displaying the content so whatever i get back from the api i’m just displaying it over here now let me also go ahead back on to the home controller i’ll take the scope from here then let me go on to my startup class (1:50:11) let me ensure that i add it over here as well let me go ahead and just save everything now let me go on to the application settings.json file so now over here let me go ahead and add the details for my application object so let’s do one thing let’s go on to our default directory let’s go ahead and create a new application registrations so over here let me go ahead and just give a name and let me go ahead and hit on register now over here let me go ahead and take the client id i’ll go on to visual (1:50:54) studio i’ll go ahead and replace it over here next we need the client secret so let me go on to certificates and secrets let me go ahead and create a new client secret i’ll go ahead and click on add i’ll go ahead and copy the value let me go ahead and paste it over here now i need to go ahead and basically add a web application so i’ll go on to authentication i’ll add a platform a web application so over here localhost i’ll go on to visual studio let me go ahead on to the properties launch settings.json (1:51:42) take the port number place it over here i’ll go back onto my app settings.json file i’ll copy the sign in url i’ll copy the same thing over here so this will be sign out let me go ahead and hit on configure now let me go on to api permissions let me go ahead and add a permission over here i’ll choose my apis i’ll choose the api management application object i’ll choose delegate permissions i’ll choose a permission that we have i’ll click on add permissions and now we are done going back on to the code let me also go (1:52:36) ahead and ensure that i add another header so let me go ahead and add another header with just a simple name and value string pair so that is basically for the subscription key so let me go on to my as your api management instance let me go on to my apis i’ll go on to my course api i’ll go ahead and just hide this i’ll go on to get courses i’ll go under test i’ll go ahead and scroll down let me go ahead and take this has the name and let me go ahead and add the value so i’ll copy it over here (1:53:38) right so now let’s go ahead and run the program so let me go ahead and login so you can log in with any user basically any user that you have defined in your azure ad directory so over here you have the consent screen let me go ahead and hit on accept and over here you’re getting all of the details let me go ahead and just sign out so i’ll sign out of my account right so in this chapter i just want to go through how you can also now invoke your protected api from an asp. (1:54:32) net code application